krasnika^

SOLVED
Suspected infected system

    18 posts in this topic


    Hello, could you tell me whether I have cause for concern. My keyboard and mouse stop responding at times, which leads me to think that the machine is infected. It runs slowly and at times gives me a blue screen. I am attaching the logs:

    DDS:

     

    DDS (Ver_2011-09-30.01) - NTFS_x86 
    Internet Explorer: 8.0.6001.18702
    Run by MONI at 14:35:59 on 2013-05-11
    Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.894.97 [GMT 3:00]
    .
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ================
    .
    C:WINDOWSExplorer.EXE
    C:WINDOWSsystem32spoolsv.exe
    C:Program FilesAviraAntiVir Desktopsched.exe
    C:Program FilesAviraAntiVir Desktopavguard.exe
    C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
    C:WINDOWSSystem32PAStiSvc.exe
    C:Program FilesTeamViewerVersion8TeamViewer_Service.exe
    C:Program FilesVIAVIAudioiHDADeckHDeck.exe
    C:Program FilesAviraAntiVir Desktopavgnt.exe
    C:Program FilesSkypePhoneSkype.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesTeamViewerVersion8TeamViewer.exe
    C:Program FilesAviraAntiVir Desktopavshadow.exe
    C:Program FilesTeamViewerVersion8tv_w32.exe
    C:WINDOWSSystem32alg.exe
    C:Program FilesGoogleChromeApplicationchrome.exe
    C:Program FilesGoogleChromeApplicationchrome.exe
    C:Program FilesGoogleChromeApplicationchrome.exe
    C:Program FilesMozilla Firefoxfirefox.exe
    c:program filesteamviewerversion8TeamViewer_Desktop.exe
    C:Program FilesGoogleChromeApplicationchrome.exe
    C:WINDOWSsystem32wbemwmiprvse.exe
    C:WINDOWSsystem32svchost.exe -k DcomLaunch
    C:WINDOWSsystem32svchost.exe -k rpcss
    C:WINDOWSSystem32svchost.exe -k netsvcs
    C:WINDOWSsystem32svchost.exe -k NetworkService
    C:WINDOWSsystem32svchost.exe -k LocalService
    C:WINDOWSsystem32svchost.exe -k LocalService
    C:WINDOWSsystem32svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www1.delta-search.com/?affID=119529&babsrc=HP_ss&mntrId=5C83002268826863
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
    uRun: [skype] "c:program filesskypephoneSkype.exe" /minimized /regrun
    uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
    mRun: [HDAudDeck] c:program filesviaviaudioihdadeckHDeck.exe 1
    mRun: [avgnt] "c:program filesaviraantivir desktopavgnt.exe" /min
    dRun: [CTFMON.EXE] c:windowssystem32CTFMON.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:progra~1micros~2office11EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
    TCP: NameServer = 89.215.233.2 89.215.246.40
    TCP: Interfaces{A48477B5-DFB6-4E66-93CA-3491DD09FD48} : DHCPNameServer = 89.215.233.2 89.215.246.40
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:program filescommon filesskypeSkype4COM.dll
    SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
    LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:program filesgooglechromeapplication26.0.1410.64installerchrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:documents and settingsmoniapplication datamozillafirefoxprofiles5w3wuf8l.default
    FF - plugin: c:documents and settingsall usersapplication datanexoneungmnpNxGameeu.dll
    FF - plugin: c:program filesadobereader 9.0readerairnppdf32.dll
    FF - plugin: c:program filesgoogleupdate1.3.21.145npGoogleUpdate3.dll
    FF - plugin: c:windowssystem32macromedflashNPSWF32_11_5_502_135.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.tuvaro.hpOld0 - 
    FF - user.js: extensions.tuvaro.tlbrSrchUrl - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=main&toolbarid=base&u=5c8395d3000000000000002268826863&q=
    FF - user.js: extensions.tuvaro.id - 5c8395d3000000000000002268826863
    FF - user.js: extensions.tuvaro.appId - {2768469C-717B-401F-8532-C6D88BAE0339}
    FF - user.js: extensions.tuvaro.instlDay - 15812
    FF - user.js: extensions.tuvaro.vrsn - 1.8.17.1
    FF - user.js: extensions.tuvaro.vrsni - 1.8.17.1
    FF - user.js: extensions.tuvaro.vrsnTs - 1.8.17.114:03:46
    FF - user.js: extensions.tuvaro.prtnrId - tuvaro
    FF - user.js: extensions.tuvaro.prdct - tuvaro
    FF - user.js: extensions.tuvaro.aflt - orgnl
    FF - user.js: extensions.tuvaro.smplGrp - none
    FF - user.js: extensions.tuvaro.tlbrId - base
    FF - user.js: extensions.tuvaro.instlRef - 9e9471a2
    FF - user.js: extensions.tuvaro.dfltLng - 
    FF - user.js: extensions.tuvaro.excTlbr - false
    FF - user.js: extensions.tuvaro.ffxUnstlRst - false
    FF - user.js: extensions.tuvaro.admin - false
    FF - user.js: extensions.tuvaro.cam - 
    FF - user.js: extensions.tuvaro.autoRvrt - false
    FF - user.js: extensions.tuvaro.rvrt - false
    FF - user.js: extensions.tuvaro.hmpg - true
    FF - user.js: extensions.tuvaro.hmpgUrl - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=homepage&toolbarid=base&u=5c8395d3000000000000002268826863
    FF - user.js: extensions.tuvaro.dfltSrch - true
    FF - user.js: extensions.tuvaro.srchPrvdr - Tuvaro
    FF - user.js: extensions.tuvaro.kw_url - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=url&toolbarid=base&u=5c8395d3000000000000002268826863&q=
    FF - user.js: extensions.tuvaro.dnsErr - true
    FF - user.js: extensions.tuvaro.newTab - true
    FF - user.js: extensions.tuvaro.newTabUrl - chrome://tuvaro/content/new browser tab.html?source=9e9471a2&tbp=tab&u=5c8395d3000000000000002268826863
    FF - user.js: extensions.delta.tlbrSrchUrl - 
    FF - user.js: extensions.delta.id - 5c8395d3000000000000002268826863
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15812
    FF - user.js: extensions.delta.vrsn - 1.8.16.16
    FF - user.js: extensions.delta.vrsni - 1.8.16.16
    FF - user.js: extensions.delta.vrsnTs - 1.8.16.1614:06:01
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv61xxmm;mv61xxmm;c:windowssystem32driversmv61xxmm.sys [2012-7-12 13616]
    R0 mv64xxmm;mv64xxmm;c:windowssystem32driversmv64xxmm.sys [2012-7-12 5632]
    R0 mvxxmm;mvxxmm;c:windowssystem32driversmvxxmm.sys [2012-7-12 13616]
    R0 nvlegacy;nvlegacy;c:windowssystem32driversnvlegacy.sys [2012-7-12 100736]
    R1 avkmgr;avkmgr;c:windowssystem32driversavkmgr.sys [2013-1-6 37352]
    R2 AntiVirSchedulerService;Avira Scheduler;c:program filesaviraantivir desktopsched.exe [2013-1-6 86752]
    R2 AntiVirService;Avira Real-Time Protection;c:program filesaviraantivir desktopavguard.exe [2013-1-6 110816]
    R2 avgntflt;avgntflt;c:windowssystem32driversavgntflt.sys [2013-1-6 84744]
    R2 TeamViewer8;TeamViewer 8;c:program filesteamviewerversion8TeamViewer_Service.exe [2013-3-5 3574624]
    R3 MonitorFunction;Driver for Monitor;c:windowssystem32driversTVMonitor.sys [2013-2-3 13304]
    R3 PAC207;SoC PC-Camer@;c:windowssystem32driverspfc027.sys [2005-2-24 162176]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:windowssystem32driversviahduaa.sys [2012-12-8 279680]
    S2 gupdate;Услуга на Google Актуализация (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2013-1-12 116648]
    S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2013-1-12 116648]
    S3 vtany;vtany;??c:windowsvtany.sys --> c:windowsvtany.sys [?]
    S3 xhunter1;xhunter1;??c:windowsxhunter1.sys --> c:windowsxhunter1.sys [?]
    S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32macromedflashFlashPlayerUpdateService.exe [2012-7-12 250808]
    S4 SkypeUpdate;Skype Updater;c:program filesskypeupdaterUpdater.exe [2013-2-28 161384]
    .
    =============== Created Last 30 ================
    .
    2013-04-18 13:37:10 -------- d-----w- c:documents and settingsall usersapplication dataInterAction studios
    2013-04-17 15:58:18 -------- d-----w- c:windowssystem32appmgmt
    2013-04-17 11:05:32 -------- d-----w- c:documents and settingsmoniapplication dataBabylon
    2013-04-17 11:05:32 -------- d-----w- c:documents and settingsall usersapplication dataBabylon
    2013-04-17 11:03:19 -------- d--h--w- c:windowssystem32GroupPolicy
    2013-04-14 00:02:47 1072544 ----a-w- c:windowssystem32nvdrsdb1.bin
    2013-04-14 00:02:47 1072544 ----a-w- c:windowssystem32nvdrsdb0.bin
    2013-04-14 00:02:47 1 ----a-w- c:windowssystem32nvdrssel.bin
    2013-04-14 00:02:08 -------- d-----w- c:program filesNVIDIA Corporation
    2013-04-11 19:20:18 26520 ----a-w- c:program filesmozilla firefoxplugin-hang-ui.exe
    2013-04-11 19:20:01 96664 ----a-w- c:program filesmozilla firefoxwebapprt-stub.exe
    2013-04-11 19:20:01 19352 ----a-w- c:program filesmozilla firefoxxpcom.dll
    2013-04-11 19:20:01 18581400 ----a-w- c:program filesmozilla firefoxxul.dll
    2013-04-11 19:20:00 92056 ----a-w- c:program filesmozilla firefoxsmime3.dll
    2013-04-11 19:20:00 867000 ----a-w- c:program filesmozilla firefoxuninstallhelper.exe
    2013-04-11 19:20:00 272280 ----a-w- c:program filesmozilla firefoxupdater.exe
    2013-04-11 19:20:00 170232 ----a-w- c:program filesmozilla firefoxwebapp-uninstaller.exe
    2013-04-11 19:20:00 157080 ----a-w- c:program filesmozilla firefoxssl3.dll
    2013-04-11 19:20:00 152472 ----a-w- c:program filesmozilla firefoxsoftokn3.dll
    .
    ==================== Find3M  ====================
    .
    2013-03-27 15:22:35 84744 ----a-w- c:windowssystem32driversavgntflt.sys
    2013-03-27 15:22:35 37352 ----a-w- c:windowssystem32driversavkmgr.sys
    2013-03-08 08:35:47 293376 ----a-w- c:windowssystem32winsrv.dll
    2013-03-07 03:23:36 2070016 ----a-w- c:windowssystem32ntkrnlpa.exe
    2013-03-07 01:31:48 2193536 ----a-w- c:windowssystem32ntoskrnl.exe
    2013-03-02 02:05:19 920064 ----a-w- c:windowssystem32wininet.dll
    2013-03-02 02:05:18 43520 ----a-w- c:windowssystem32licmgr10.dll
    2013-03-02 02:05:18 1469440 ----a-w- c:windowssystem32inetcpl.cpl
    2013-03-02 01:31:30 1876224 ----a-w- c:windowssystem32win32k.sys
    2013-03-02 01:08:57 385024 ----a-w- c:windowssystem32html.iec
    2013-02-12 00:32:23 12928 ----a-w- c:windowssystem32driversusb8023.sys
    .
    ============= FINISH: 14:37:09,76 ===============
     
    Attach:
     
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-09-30.01)
    .
    Microsoft Windows XP Professional
    Boot Device: DeviceHarddiskVolume1
    Install Date: 07.5.2005 г. 18:24:05
    System Uptime: 11.5.2013 г. 12:55:05 (2 hours ago)
    .
    Motherboard: FOXCONN |  | M61PMV
    Processor: AMD Sempron Processor LE-1200 | AMD Sempron Processor LE-1200 | 2109/201mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 68 GiB total, 59,224 GiB free.
    D: is FIXED (NTFS) - 165 GiB total, 146,672 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Пакет за езиков интерфейс на Windows
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0 - Bulgarian
    Avira Free Antivirus
    CCleaner
    Chicken Invaders 3 Free Trial
    Compatibility Pack for the 2007 Office system
    Dekaron
    Diner Dash - Hometown Hero
    Google Chrome
    Google Update Helper
    K-Lite Codec Pack 8.4.0 (Standard)
    Microsoft Office 2003 Bulgarian User Interface Pack
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Mozilla Firefox 20.0.1 (x86 bg)
    MSXML 4.0 SP3 Parser (KB2758694)
    Nero 7 Micro
    NVIDIA Drivers
    OnScreenKeys 5.0.48
    PC Camer@
    Platform
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2820917)
    Skype™ 6.3
    TeamViewer 8
    The KMPlayer (remove only)
    VIA
    WebFldrs XP
    Winamp
    WinRAR 4.01 (32-битова версия)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    07.5.2013 г. 13:16:53, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
    07.5.2013 г. 13:16:53, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
    07.5.2013 г. 13:16:53, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
    .
    ==== End Of File ===========================
     

    Thank you :)

     


    Hello,

    Sorry for the delay.

    Could you archive the files from the folder C:\Windows\minidump and upload them to a host of your choice.

    Post a download link in your next post.

    Regards!



    Hi, here is a link to the archive: http://dox.bg/files/dw?a=7813a0da6a


    Hello,

    I reviewed the dump files and all of them are caused by the VIA audio driver:

    Probably caused by : viahduaa.sys ( viahduaa+19e60 )

    Let's see what your hardware configuration is so that we can update the driver to its latest version.

    Download the program HWiNFO32

    After successful installation and launch, the following window will appear:

    Click Run.

    Wait patiently. Then choose Save Report and HTML format, and click Browse.

    Point to your desktop and click Next.

    The Report Filter will appear; choose Finish.

    An HTML file named "User Name" will appear on the desktop, where "User Name" is the name of your computer (for example, the file in the screenshot is named HOLLER-PC.HTM). Upload the file here and post the download link in your next post.


    And one of the dumps is caused by the following:

    Probably caused by : memory_corruption

    To test the RAM you can try Memtest86+ 4.20
    Extract the archive and burn the ISO file, with BurnAware for example, using the Burn Image option, to get a bootable disc.

    Then set the CD/DVD drive as the first boot device in the BIOS and run a check of the RAM.
    If the test is successful there should be no errors.

    To be completely sure that the RAM is OK, it is best to leave the test running overnight for at least 8-10 hours, and even better, remove all modules, leave only one in, and test them one at a time.
    If errors are found, you will see them shown on a red background.


    Here is the link from step 1: http://file.bg/c233164FmVLa



    Hello,

    I wonder whether you could just run on the Realtek audio driver alone, because you have two drivers:

    Realtek HDA Audio Drive
    VIA HDA Audio Drive

    On the Foxconn site the drivers are quite old - from 2009

    On the VIA site I found two for your codec: VIA VT1708B CE

    An older but certified version - 10.005D Dated: 25-Jul-2012

    and a newer version (not certified, but that will hardly be a problem) - 10.1200A Dated: 7-Nov-2012

    Try both and see whether the blue screens go away. If possible, update the remaining drivers as well (but preferably without using additional software, because such tools often download the wrong drivers for a given configuration).

    Still, test the RAM too and then write back how things stand.

    Also, let's clean up a bit of adware and check for active nasties:


    STEP 1

    Download and run the program AdwCleaner (by Xplode).

    • Close all running programs and browsers
    • Double-click adwcleaner.exe to start the tool.
    • This time select Delete
    • Your computer will restart automatically. The text file will open after the restart.
    • Please post the contents of this log in your reply
    • You can find the log, which is saved automatically, here: C:\AdwCleaner[s1].txt.


    STEP 2

    Please download Junkware Removal Tool to your desktop.

    • Temporarily disable your protection programs.
    • Run the tool JRT.exe
    • A DOS window will open. Press any key on the keyboard.
    • Close unneeded applications and all browsers and wait for the scan to finish.
    • A log file will appear (which you can also find manually on the desktop under the name JRT.txt).
    • Please copy the contents of the log file into your next post.


    STEP 3

    Download Malwarebytes' Anti-Malware

    • Double-click mbam-setup.exe to install the program.
    • Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.
    • If updates are found, it will download and install them.
    • Start the program and select "Perform Quick Scan", then click Scan.
    • The scan will take some time, so please be patient.
    • When the scan finishes, click OK, then Show Results to see the result.
    • Make sure all rows are checked, and click Remove Selected.
    • When everything has been removed, a log will open in Notepad.
    • Attach this log to your next comment in the topic.

    Note: If Malwarebytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.


    STEP 4

    1) Download: ESET Online Scanner
    2) Run esetsmartinstaller_enu.exe
    3) Check YES, I accept the Terms of Use and select Start
    4) The scanner will start downloading the components it needs.
    5) Make sure the following lines are checked, including those in the Advanced Settings menu:

    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

    Make sure that Remove found threats is NOT checked!

    And finally select Start

    6) The scanner will start downloading the latest definitions.
    7) After the scan finishes, select Finish.
    8) Go to: C:\Program Files\ESET\ESET Online Scanner.

    9) Attach the log file named log.txt to your next post.


    STEP 5

    Download Security Check by screen317 from this link or and save it to your desktop.

    • Double-click SecurityCheck.exe and follow the instructions.
    • At the end, a text document named checkup.txt will open automatically; please attach it to your next comment in this topic.


    Hello, here are the results:

    P.S. The screenshot is too large for me to upload here, so I am posting a link:

    http://dox.bg/files/dw?a=a70a18da55

    AdwCleanerS2.txt

    checkup.txt

    JRT.txt

    log.txt

    Edited by krasnika^

    The MBAM log is missing, and unfortunately the screenshot from ESET is of no use, because the files have encrypted names, but since you did not keep the log (as you wrote to me by PM) there is nothing we can do to see what the program deleted after the first run. The second ESET log is clean.

    How are things now - did you update the audio drivers, and do the problems for which you opened the topic persist?


    I am attaching the missing log. A new problem has appeared with the audio drivers - after installing the new driver (the one without the certificate) it does not allow me to plug the microphone into the front panel. The machine behaves better. Just to ask: should I remove the tools we used? And what should I do with the files in quarantine? Thank you.

    mbam-log-2013-04-06 (11-36-38).txt

    Edited by krasnika^

    Hello, the files of the ESET Online Scanner and the folder in which they are installed remained after the uninstallation you specified, as did the program's quarantine. The computer is much "snappier", if I may put it that way. We dealt successfully with the drivers, and everything is fine now. For now there are no blue screens and there will hardly be any more problems after your intervention, for which I thank you :wors: . The problems are solved. Just tell me a way to remove the ESET Online Scanner program safely. Regards and have a good day :)


    Apparently I jumped to conclusions about the blue screens. Today it appeared again; here is the error code: 0x000000D1(0xEB0F6E60,0x00000002,0x00000008,0xEB0F6E60). Could you tell me what might be causing it? On restarting the system and trying to close the Microsoft error report, it gives a blue screen again with this code: 0x000000d1(0xEB161E60,0x00000002,0x00000000,0xEB161E60).

    Edited by krasnika^

    Most likely the cause is a driver - and perhaps the VIA one again.

    DRIVER_IRQL_NOT_LESS_OR_EQUAL

    Check whether there is a new dmp file in the folder C:\Windows\minidump and, if there is, archive it.

    If it again turns out to be because of the VIA driver, install the latest version without the certificate and try working without the microphone, or try running entirely on the Realtek drivers alone. Since you are helping via TeamViewer, there is no way for you to test the RAM remotely - but when you have physical access to the computer, test the RAM modules one at a time with Memtest, as I wrote above.

    Also:

    Download Autoruns and:

    • Start the program;
    • Select Options => Filter Options => check Verify Code Signature and Hide Microsoft Entries;
    • From the menu File -> Refresh;
    • From the menu File -> Save...;
    • Save the file somewhere under a name of your choice (in arn format), archive it with a program of your choice and attach it to the topic.

    PS: You can also delete the ESET leftovers manually.

    Сподели в други сайтове

    We installed the manufacturer's driver (the one the motherboard was bought with) and for now there is sound. There are new dump files, which I am attaching to the topic, as well as the result from the program you asked for. Regards :) http://dox.bg/files/dw?a=b5f4cf62a5 - Minidump

    http://dox.bg/files/dw?a=46a1d5d226 Autoruns - result

     

     


    The bad thing is that the driver from the manufacturer's site that I gave you is quite old, and maybe you were even on the same version at the time, the one that was causing the problem.

    According to the dump files the culprit is again the VIA driver - viahduaa.sys.

    There are 2 options.

    1. Uninstall it and use only the Realtek one.

    2. Install the certified version, which is newer than the one on the Foxconn site but also older than the uncertified version from the VIA site.

    At least you know where the problem is! :)

    As for Autoruns, you can clear the following checkboxes (do not delete them, just uncheck them):

    Adobe ARM

    HDAudDeck

    And then close the program.

    Delete the tools we used. I am marking the case as solved...it's just that for the VIA driver, if this does not help, I cannot think of another adequate solution...

    Regards!



    With a huge delay, for which I apologize very much, I would like to let you know that the state of the system is very good. We had to reinstall the whole computer, with a full format and repartitioning of the hard disk, after which I ran the RAM test (as you advised me - all night); the result is that there are no errors in the memory, and for the moment it works well, and without blue screens :) Once again, thank you for the help and the effort :)


    Still, the cause was and remains the Realtek drivers...so keep that in mind! :)


    :) that is exactly why this time I installed all of them except those :)

        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
        (Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
        () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
        (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
        (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
        () C:\Users\Ivan\AppData\Local\Temp\e.exe
        (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
        (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
        () D:\GAMES\LOL\RADS\system\rads_user_kernel.exe
        () D:\GAMES\LOL\RADS\projects\lol_launcher\releases\0.0.1.28\deploy\LoLLauncher.exe
        () D:\GAMES\LOL\RADS\projects\lol_patcher\releases\0.0.0.68\deploy\LoLPatcher.exe
        () D:\GAMES\LOL\RADS\projects\lol_patcher\releases\0.0.0.68\deploy\LoLPatcherUx.exe
        () D:\GAMES\LOL\RADS\projects\lol_patcher\releases\0.0.0.68\deploy\LoLPatcherUx.exe
        () D:\GAMES\LOL\RADS\projects\lol_patcher\releases\0.0.0.68\deploy\LoLPatcherUx.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
        (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe

        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874392 2015-01-22] (Realtek Semiconductor)
        HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
        HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
        HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-19] ()
        HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-06-30] ()
        HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-12-10] (Qualcomm®Atheros®)
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-08-03] (Nota Inc.)
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\...\Run: [SkypeVoiceChanger] => C:\Program Files (x86)\AthTek\Voice Changer for Skype\SkypeVoiceChanger.exe /auto
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\...\Run: [mailruhomesearch] => "C:\Users\Ivan\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\...\Run: [kipgrxbnsm] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=25A52D9F713250ED43C6237A2440A0A5&utm_d=20160920" <===== ATTENTION
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\...\RunOnce: [ppfjnxhmff] => C:\Users\Ivan\AppData\Local\Temp\e.exe [655360 2016-09-25] () <===== ATTENTION
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\...\MountPoints2: {d220cac6-eabd-11e5-826c-ace01090902a} - "G:\SETUP.EXE" 
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\...\MountPoints2: {d270f05d-be8d-11e5-8251-ace01090902a} - "F:\SETUP.EXE" 
        ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.5.1
        Tcpip\..\Interfaces\{A5C5D290-2087-4E2A-9414-FBC36D2C9B37}: [DhcpNameServer] 192.168.10.254
        Tcpip\..\Interfaces\{D28CAA67-F32D-4DCF-9170-976C633DFD6D}: [DhcpNameServer] 192.168.5.1
        Internet Explorer:
        ==================
        HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
        HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
        HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
        HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811013
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
        HKU\S-1-5-21-2973477095-2590050763-3533725863-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
        SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
        SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
        SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
        SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
        SearchScopes: HKU\S-1-5-21-2973477095-2590050763-3533725863-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B2555250C-B2FD-4FEC-BA28-0482B3308840%7D&gp=811014
        SearchScopes: HKU\S-1-5-21-2973477095-2590050763-3533725863-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B2555250C-B2FD-4FEC-BA28-0482B3308840%7D&gp=811014
        BHO-x32: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Ivan\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-09-21] (Mail.Ru)
        FireFox:
        ========
        FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\py1odkr2.default
        FF DefaultSearchEngine: Поиск@Mail.Ru
        FF SelectedSearchEngine: Поиск@Mail.Ru
        FF Homepage: hxxp://mail.ru/cnt/10445?gp=811013
        FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7B474F18A6-8225-4EB2-8D6D-0F83FC30E994%7D&gp=811014
        FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
        FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
        FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel Corporation)
        FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel Corporation)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
        FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
        FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
        FF SearchPlugin: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\py1odkr2.default\searchplugins\mailru.xml [2016-09-21]
        FF Extension: (Avira Browser Safety) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\py1odkr2.default\Extensions\abs@avira.com [2016-05-15]
        FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\py1odkr2.default\Extensions\homepage@mail.ru [2016-09-21]
        FF Extension: (ProxTube - Unblock YouTube) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\py1odkr2.default\Extensions\ich@maltegoetz.de.xpi [2016-05-15]
        FF Extension: (Поиск@Mail.Ru) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\py1odkr2.default\Extensions\search@mail.ru [2016-09-21]
        FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\py1odkr2.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2016-09-21]
        Chrome: 
        =======
        CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqeVBuxgrc8GREvCmGm2O3DRCSD6MzCemi0RLqXzY5ZfnBkO9SGwrppR1Onw_wFfnrZgOORI8RnuP_cx-tfgPelsjoWoXDVpUQTxxHBZ3yxirFs3euemmIQLJs_ZVdHcv-_ff4ELLcp83lvlcdJu93T8WtfxCHMk2BqVNrw,,
        CHR StartupUrls: Default -> "hxxps://www.google.bg/","hxxp://www.mysites123.com/?type=hp&ts=1453150592&z=25ecfc8730a888f20e8be78g9z3wccfg1w0e3wft7o&from=amt&uid=st1000lm024xhn-m101mbb_s31qj9eg408813","hxxp://www.trotux.com/?z=9c6969f79078107951f4267g7z9qbqeg9bcwamdbec&from=epf1&uid=ST1000LM024XHN-M101MBB_S31QJ9EG408813&type=hp"
        CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default [2016-09-25]
        CHR Extension: (Flash Video Downloader) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-09-09]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-21]
        CHR Extension: (Chrome Media Router) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-25]
        CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
        CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ========================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [323200 2014-12-10] (Windows (R) Win 7 DDK provider) [File not signed]
        R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
        R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [343488 2015-03-29] (Intel Corporation)
        S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2014-10-03] (Intel(R) Corporation)
        R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-19] () [File not signed]
        S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-02-19] () [File not signed]
        R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [172320 2014-12-11] (Intel Corporation)
        R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
        R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
        R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
        R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
        R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
        R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
        S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
        R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
        R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
        ===================== Drivers (Whitelisted) ==========================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-11-10] (Qualcomm Atheros Communications, Inc.)
        S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-12-10] (Qualcomm Atheros)
        S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-01-19] (Disc Soft Ltd)
        S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-01-19] (Disc Soft Ltd)
        R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2016-04-08] (DT Soft Ltd)
        S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
        S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-17] ()
        R3 iagpioe; C:\Windows\System32\drivers\iagpioe.sys [32256 2015-02-28] (Intel(R) Corporation)
        R3 iai2ce; C:\Windows\System32\drivers\iai2ce.sys [83968 2015-02-28] (Intel(R) Corporation)
        R3 igfxLP; C:\Windows\system32\DRIVERS\igdkmd64lp.sys [4515768 2015-03-29] (Intel Corporation)
        R3 iusb3adp; C:\Windows\System32\drivers\iusb3adp.sys [23824 2015-03-28] (Intel)
        R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
        R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-25] (Malwarebytes)
        R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
        R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
        R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
        R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [43176 2015-01-14] (Synaptics Incorporated)
        R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [114976 2014-11-24] (Intel Corporation)
        U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
        S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
        R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
        R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2016-09-25 13:17 - 2016-09-25 13:18 - 00019598 _____ C:\Users\Ivan\Downloads\FRST.txt
        2016-09-25 13:17 - 2016-09-25 13:17 - 00000000 ____D C:\FRST
        2016-09-25 13:11 - 2016-09-25 13:12 - 02402816 _____ (Farbar) C:\Users\Ivan\Downloads\FRST64.exe
        2016-09-21 02:14 - 2016-09-21 02:14 - 15950848 _____ C:\Users\Ivan\Downloads\How to activate windows 8.1 pro build 9600 permanently.mp4
        2016-09-21 02:03 - 2016-09-21 12:32 - 00000000 ____D C:\Users\Ivan\Downloads\Microsoft Toolkit 2.6 BETA 5 Official
        2016-09-21 02:02 - 2016-09-21 02:10 - 57356492 _____ C:\Users\Ivan\Downloads\Microsoft Toolkit 2.6 BETA 5 Official.zip
        2016-09-21 02:02 - 2016-09-21 02:02 - 00000000 ____D C:\Users\Ivan\AppData\LocalLow\uTorrent
        2016-09-21 01:49 - 2016-09-21 01:49 - 00000000 ____D C:\Users\Ivan\AppData\Local\Вoйти в Интeрнет
        2016-09-21 01:48 - 2016-09-25 13:07 - 00000000 ____D C:\Users\Ivan\AppData\Local\syslog
        2016-09-21 01:48 - 2016-09-21 01:48 - 00003490 _____ C:\Windows\System32\Tasks\syslog
        2016-09-21 01:46 - 2016-09-21 01:56 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\NotepadPlusPlusApp
        2016-09-21 01:46 - 2016-09-21 01:46 - 00000000 ____D C:\Users\Ivan\AppData\Local\Поиcк в Интeрнете
        2016-09-21 01:45 - 2016-09-21 01:45 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\MailProducts
        2016-09-21 01:45 - 2016-09-21 01:45 - 00000000 ____D C:\Users\Ivan\AppData\Local\Mail.Ru
        2016-09-21 01:45 - 2016-09-21 01:45 - 00000000 ____D C:\ProgramData\Mail.Ru
        2016-09-18 12:39 - 2016-09-18 12:39 - 00000222 _____ C:\Users\Ivan\Desktop\Pro Evolution Soccer 2017 Demo.url
        2016-09-15 15:03 - 2016-09-18 12:39 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
        2016-09-15 14:57 - 2016-09-15 14:57 - 00000000 ____D C:\Users\Ivan\AppData\Local\Steam
        2016-09-15 14:57 - 2016-09-15 14:57 - 00000000 ____D C:\Users\Ivan\AppData\Local\CEF
        2016-09-15 14:49 - 2016-09-25 13:03 - 00000000 ____D C:\Program Files (x86)\Steam
        2016-09-15 14:49 - 2016-09-15 14:49 - 00000979 _____ C:\Users\Public\Desktop\Steam.lnk
        2016-09-15 14:49 - 2016-09-15 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
        2016-09-14 09:14 - 2016-09-01 06:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
        2016-09-14 09:14 - 2016-09-01 05:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
        2016-09-14 09:14 - 2016-09-01 05:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
        2016-09-14 09:14 - 2016-09-01 04:39 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
        2016-09-14 09:14 - 2016-09-01 04:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
        2016-09-14 09:14 - 2016-09-01 04:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
        2016-09-14 09:14 - 2016-09-01 04:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
        2016-09-14 09:14 - 2016-09-01 03:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
        2016-09-14 09:14 - 2016-09-01 03:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
        2016-09-14 09:14 - 2016-09-01 03:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
        2016-09-14 09:14 - 2016-09-01 03:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
        2016-09-14 09:14 - 2016-09-01 03:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
        2016-09-14 09:14 - 2016-09-01 03:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
        2016-09-14 09:14 - 2016-09-01 03:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
        2016-09-14 09:14 - 2016-09-01 02:38 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
        2016-09-14 09:14 - 2016-09-01 02:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
        2016-09-14 09:14 - 2016-09-01 02:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
        2016-09-14 09:14 - 2016-09-01 02:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
        2016-09-14 09:14 - 2016-09-01 01:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
        2016-09-14 09:14 - 2016-09-01 01:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
        2016-09-14 09:14 - 2016-08-26 08:51 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
        2016-09-14 09:14 - 2016-08-26 07:44 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
        2016-09-14 09:14 - 2016-08-26 07:41 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
        2016-09-14 09:14 - 2016-08-26 07:00 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
        2016-09-14 09:11 - 2016-07-09 19:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
        2016-09-14 09:11 - 2016-07-09 01:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
        2016-09-14 09:11 - 2016-07-08 17:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
        2016-09-14 09:11 - 2016-07-08 17:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
        2016-09-14 09:11 - 2016-07-08 01:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
        2016-09-14 09:11 - 2016-07-08 01:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
        2016-09-14 09:11 - 2016-07-08 01:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
        2016-09-14 09:11 - 2016-07-08 01:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
        2016-09-14 09:11 - 2016-07-08 00:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
        2016-09-14 09:11 - 2016-07-07 23:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
        2016-09-14 09:11 - 2016-07-07 23:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
        2016-09-14 09:11 - 2016-07-07 23:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
        2016-09-14 09:11 - 2016-07-07 23:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
        2016-09-14 09:11 - 2016-07-07 23:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
        2016-09-14 09:11 - 2016-07-07 23:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
        2016-09-14 09:11 - 2016-07-07 23:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
        2016-09-14 09:11 - 2016-07-07 23:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
        2016-09-14 09:11 - 2016-07-07 23:11 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
        2016-09-14 09:11 - 2016-07-07 23:11 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
        2016-09-14 09:11 - 2016-07-07 23:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
        2016-09-14 09:11 - 2016-07-07 22:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
        2016-09-14 09:11 - 2016-07-07 22:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
        2016-09-14 09:11 - 2016-07-04 08:09 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
        2016-09-14 09:11 - 2016-07-04 06:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
        2016-09-14 09:11 - 2016-07-04 06:37 - 02897920 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
        2016-09-14 09:11 - 2016-07-04 06:33 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
        2016-09-14 09:11 - 2016-07-04 06:04 - 02539008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
        2016-09-14 09:11 - 2016-07-04 06:02 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
        2016-09-14 09:11 - 2016-07-04 05:19 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
        2016-09-14 09:11 - 2016-07-01 23:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll
        2016-09-14 09:11 - 2016-07-01 23:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll
        2016-09-14 09:11 - 2016-01-10 20:08 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
        2016-09-14 09:09 - 2016-08-21 02:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
        2016-09-14 09:09 - 2016-08-21 02:27 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
        2016-09-14 09:09 - 2016-08-21 02:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
        2016-09-14 09:09 - 2016-08-21 02:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
        2016-09-14 09:09 - 2016-08-21 01:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
        2016-09-14 09:09 - 2016-08-21 01:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
        2016-09-14 09:09 - 2016-08-21 01:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
        2016-09-14 09:09 - 2016-08-10 01:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
        2016-09-14 09:09 - 2016-08-10 01:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
        2016-09-14 09:09 - 2016-08-04 17:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
        2016-09-14 09:09 - 2016-08-03 21:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
        2016-09-14 09:09 - 2016-08-03 21:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
        2016-09-14 09:04 - 2016-09-09 00:51 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
        2016-09-14 09:04 - 2016-09-09 00:51 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
        2016-09-14 09:04 - 2016-08-22 19:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
        2016-09-14 09:04 - 2016-08-22 19:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
        2016-09-14 09:04 - 2016-08-21 04:03 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
        2016-09-14 09:04 - 2016-08-21 04:01 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
        2016-09-14 09:04 - 2016-08-21 04:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
        2016-09-14 09:04 - 2016-08-21 03:17 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
        2016-09-14 09:04 - 2016-08-21 02:26 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
        2016-09-14 09:04 - 2016-08-21 01:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
        2016-09-14 09:03 - 2016-08-14 22:34 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
        2016-09-14 09:03 - 2016-08-14 21:25 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
        2016-09-14 09:03 - 2016-08-14 19:14 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
        2016-09-14 09:03 - 2016-08-13 10:41 - 07445848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
        2016-09-14 09:03 - 2016-08-13 10:40 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
        2016-09-14 09:03 - 2016-08-13 10:40 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
        2016-09-14 09:03 - 2016-08-13 10:40 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
        2016-09-14 09:03 - 2016-08-13 10:40 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
        2016-09-14 09:03 - 2016-08-13 10:40 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
        2016-09-14 09:03 - 2016-08-13 03:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
        2016-09-14 09:03 - 2016-08-11 19:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
        2016-09-14 09:03 - 2016-08-11 19:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
        2016-09-14 09:03 - 2016-08-11 19:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
        2016-09-09 11:29 - 2016-09-09 11:29 - 00000998 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
        2016-09-05 08:33 - 2016-09-05 08:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\3B96785B.sys
        2016-09-05 08:33 - 2016-09-05 08:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\0F8F7861.sys
        2016-09-02 16:30 - 2016-07-27 22:25 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
        2016-09-01 22:02 - 2016-09-02 15:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab
        2016-09-01 21:18 - 2016-09-01 21:18 - 00000000 ____D C:\ProgramData\NVIDIA
        2016-09-01 21:18 - 2016-08-26 00:10 - 06385720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
        2016-09-01 21:18 - 2016-08-26 00:10 - 02475064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
        2016-09-01 21:18 - 2016-08-26 00:10 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
        2016-09-01 21:18 - 2016-08-26 00:10 - 01362368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
        2016-09-01 21:18 - 2016-08-26 00:10 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
        2016-09-01 21:18 - 2016-08-26 00:10 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
        2016-09-01 21:18 - 2016-08-26 00:10 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
        2016-09-01 21:18 - 2016-08-26 00:10 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
        2016-09-01 21:18 - 2016-08-22 18:18 - 07320235 _____ C:\Windows\system32\nvcoproc.bin
        2016-09-01 21:14 - 2016-08-26 02:28 - 40070200 _____ C:\Windows\system32\nvcompiler.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 35182648 _____ C:\Windows\SysWOW64\nvcompiler.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 34801088 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 28207672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 19848080 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 17463088 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 17263792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 14352816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 14093368 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
        2016-09-01 21:14 - 2016-08-26 02:28 - 10865704 _____ C:\Windows\system32\nvptxJitCompiler.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 10737632 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 10278080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 09086856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 08875408 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 08680696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 03917512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 03594808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 03456888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 03160512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437270.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437270.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 01019960 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 00956352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 00941504 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 00892864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 00686896 _____ C:\Windows\system32\nvfatbinaryLoader.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 00575984 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 00520912 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 00390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 00181488 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 00159352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
        2016-09-01 21:14 - 2016-08-26 02:28 - 00039731 _____ C:\Windows\system32\nvinfo.pb
        2016-09-01 21:14 - 2016-08-26 02:28 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
        2016-09-01 21:14 - 2016-08-26 02:28 - 00000669 _____ C:\Windows\system32\nv-vk64.json
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2016-09-25 13:08 - 2016-01-19 12:25 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CDDC2372-D717-4D6A-A9FD-7D647CD65870}
        2016-09-25 13:07 - 2016-06-21 14:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
        2016-09-25 13:03 - 2016-01-18 22:19 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Skype
        2016-09-25 13:01 - 2016-01-19 13:44 - 00001216 _____ C:\Users\Ivan\Documents\Don't touch this xD.txt
        2016-09-25 12:59 - 2016-06-17 22:06 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
        2016-09-25 12:58 - 2016-01-19 12:11 - 00000000 __SHD C:\Users\Ivan\IntelGraphicsProfiles
        2016-09-21 12:39 - 2016-02-07 22:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
        2016-09-21 02:16 - 2016-01-18 22:46 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\uTorrent
        2016-09-21 02:15 - 2016-06-17 21:08 - 00000000 ____D C:\Windows\System32\Tasks\Update
        2016-09-21 02:15 - 2016-06-17 21:08 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\5C49B8C8-61EF-4E5B-8C10-8EA449C0DFB0
        2016-09-21 01:45 - 2013-08-22 18:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
        2016-09-21 01:45 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
        2016-09-21 01:25 - 2016-06-17 22:06 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
        2016-09-19 19:07 - 2016-01-19 01:37 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\vlc
        2016-09-19 16:40 - 2013-08-22 17:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
        2016-09-18 12:50 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\rescache
        2016-09-18 12:45 - 2016-01-19 11:53 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2973477095-2590050763-3533725863-1001
        2016-09-18 12:35 - 2016-06-13 15:20 - 00000000 ____D C:\Users\Ivan\Documents\KONAMI
        2016-09-18 12:17 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness
        2016-09-18 11:48 - 2016-01-23 19:10 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\AIMP
        2016-09-17 13:29 - 2016-06-17 22:10 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2016-09-17 13:29 - 2016-06-17 22:10 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
        2016-09-16 13:46 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Inf
        2016-09-15 15:26 - 2016-01-24 13:37 - 00000000 ____D C:\ProgramData\KONAMI
        2016-09-15 12:42 - 2013-08-22 17:44 - 00479560 _____ C:\Windows\system32\FNTCACHE.DAT
        2016-09-15 00:40 - 2013-08-22 16:25 - 00262144 ___SH C:\Windows\system32\config\BBI
        2016-09-15 00:37 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\SysWOW64\setup
        2016-09-15 00:37 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\setup
        2016-09-14 13:34 - 2013-08-22 18:36 - 00000000 ___HD C:\Program Files\WindowsApps
        2016-09-14 13:34 - 2013-08-22 18:20 - 00000000 ____D C:\Windows\CbsTemp
        2016-09-14 13:30 - 2016-01-23 17:48 - 00000000 ____D C:\Windows\system32\MRT
        2016-09-14 13:16 - 2016-01-23 17:48 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
        2016-09-14 00:00 - 2016-01-19 11:44 - 00000000 ____D C:\Users\Ivan
        2016-09-13 16:39 - 2016-02-07 22:09 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
        2016-09-13 16:39 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
        2016-09-13 16:39 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\Macromed
        2016-09-10 11:38 - 2016-01-18 22:34 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
        2016-09-09 11:29 - 2016-01-18 22:54 - 00003396 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
        2016-09-09 11:29 - 2016-01-18 22:54 - 00003270 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
        2016-09-09 11:29 - 2016-01-18 22:54 - 00000998 _____ C:\Users\Public\Desktop\Gyazo.lnk
        2016-09-09 11:29 - 2016-01-18 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
        2016-09-09 11:29 - 2016-01-18 22:54 - 00000000 ____D C:\Program Files (x86)\Gyazo
        2016-09-08 15:40 - 2016-05-13 17:33 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\TeamViewer
        2016-09-08 15:40 - 2016-01-19 15:20 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\DAEMON Tools Lite
        2016-09-08 15:39 - 2016-01-19 01:54 - 00000000 ____D C:\Users\Ivan\AppData\Local\CrashDumps
        2016-09-07 04:11 - 2016-02-14 13:51 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
        2016-09-07 04:11 - 2016-02-14 13:51 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
        2016-09-04 21:26 - 2016-06-09 15:23 - 00004089 _____ C:\Users\Ivan\Documents\!!!.txt
        2016-09-03 12:32 - 2016-01-19 11:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
        2016-09-03 10:58 - 2016-01-26 23:21 - 00000000 ____D C:\ProgramData\Ubisoft
        2016-09-03 09:08 - 2014-11-21 10:38 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
        2016-09-02 21:10 - 2016-01-19 11:53 - 00000000 ____D C:\ProgramData\Package Cache
        2016-09-02 16:59 - 2014-11-21 11:14 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
        2016-09-02 16:59 - 2014-11-21 11:14 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
        2016-09-02 16:59 - 2014-11-21 11:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
        2016-09-02 16:59 - 2014-11-21 11:14 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
        2016-09-02 16:59 - 2013-08-22 14:22 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
        2016-09-02 16:59 - 2013-08-22 14:22 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
        2016-09-02 16:59 - 2013-08-22 14:17 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
        2016-09-02 16:59 - 2013-08-22 14:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
        2016-09-02 16:59 - 2013-08-22 14:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
        2016-09-02 16:59 - 2013-08-22 06:56 - 00377856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
        2016-09-02 16:59 - 2013-08-22 06:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
        2016-09-02 16:59 - 2013-08-22 06:51 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
        2016-09-02 16:59 - 2013-08-22 06:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
        2016-09-02 16:59 - 2013-08-22 06:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
        2016-09-02 16:30 - 2013-08-22 16:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
        2016-09-02 15:42 - 2013-08-22 18:36 - 00000000 ___HD C:\Windows\ELAMBKUP
        2016-09-01 21:19 - 2016-01-19 12:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
        2016-09-01 21:18 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\Help
        2016-09-01 21:17 - 2016-01-19 12:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
        2016-09-01 21:05 - 2016-01-18 22:19 - 00000000 ___RD C:\Program Files (x86)\Skype
        2016-09-01 21:05 - 2016-01-18 22:19 - 00000000 ____D C:\ProgramData\Skype
        2016-08-26 11:15 - 2016-05-13 17:34 - 00000000 ____D C:\Program Files (x86)\TeamViewer
        ==================== Files in the root of some directories =======
        1986-02-02 03:00 - 1986-02-02 03:00 - 0002243 _____ () C:\Users\Ivan\AppData\Roaming\BottleoCashew.RRa
        1989-01-04 03:00 - 1989-01-04 03:00 - 0049780 _____ () C:\Users\Ivan\AppData\Roaming\Cheapskate.9nv
        2016-01-19 12:09 - 2016-01-19 12:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
        Files to move or delete:
        ====================
        C:\Users\Ivan\AppData\Local\Temp\e.exe

        Some files in TEMP:
        ====================
        C:\Users\Ivan\AppData\Local\Temp\9RvXTu9V0eDR.exe
        C:\Users\Ivan\AppData\Local\Temp\e.exe
        C:\Users\Ivan\AppData\Local\Temp\HJcM1iWUVuae.exe
        C:\Users\Ivan\AppData\Local\Temp\kAFJQXGVAquA.exe
        C:\Users\Ivan\AppData\Local\Temp\Kw4zjno3VApW.exe
        C:\Users\Ivan\AppData\Local\Temp\Microsoft Toolkit.exe
        C:\Users\Ivan\AppData\Local\Temp\mlmWXcTapjsL.exe
        C:\Users\Ivan\AppData\Local\Temp\XcqM6lJSmi8U.exe

        ==================== Bamital & volsnap =================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

        LastRegBack: 2016-09-18 17:21
        ==================== End of FRST.txt ============================
        Addition.txt
         
      • by S0S
        Hello!!! This is about a small 11-inch laptop. For some time now it has been running terribly slowly, to the point of being almost unusable. I don't know whether it is a virus, because I see that it has some antivirus program, Avast. So I ask you to check and tell me. Thank you!!!  Here are the logs:
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
        Ran by boy89 (administrator) on DZHEMAL (15-09-2016 19:43:27)
        Running from C:\Users\boy89\Desktop
        Loaded Profiles: boy89 (Available Profiles: boy89)
        Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
        Internet Explorer Version 11 (Default browser: IE)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
        (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
        (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
        (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
        () C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe
        (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
        (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
        (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
        (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
        (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
        () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
        (Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
        (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
        (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
        (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
        (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
        (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
        (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
        (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
        (Intel Corporation) C:\Windows\System32\igfxEM.exe
        (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
        (Intel Corporation) C:\Windows\System32\igfxHK.exe
        (Intel Corporation) C:\Windows\System32\igfxTray.exe
        (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
        (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
        (Intel Corporation) C:\Windows\System32\igfxext.exe
        (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
        (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
        (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
        () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
        (Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
        (Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe
        (Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\SteganosBrowserMonitor.exe
        () C:\Program Files (x86)\VIVACOM 3G USB MODEM\ModemListener.exe
        (Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\Notifier.exe
        (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
        () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
        (Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
        (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
        () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
        (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
        (Awesomium Technologies) C:\Program Files (x86)\Steganos Online Shield\awesomium_process.exe
        (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
        (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
        (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe

        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-25] (Realtek Semiconductor)
        HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
        HKLM-x32\...\Run: [ModemListener] => C:\Program Files (x86)\VIVACOM 3G USB MODEM\ModemListener.exe [98304 2010-01-27] ()
        HKLM-x32\...\Run: [SOS Notifier] => C:\Program Files (x86)\Steganos Online Shield\Notifier.exe [3977736 2016-06-01] (Steganos Software GmbH)
        HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
        HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-11-09] (Spotify Ltd)
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29538432 2016-08-17] (Skype Technologies S.A.)
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\Run: [SOS_Agent] => C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe [6150672 2016-06-01] (Steganos Software GmbH)
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\Run: [SOS Browser Monitor] => C:\Program Files (x86)\Steganos Online Shield\SteganosBrowserMonitor.exe [1001520 2016-06-01] (Steganos Software GmbH)
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\RunOnce: [Uninstall C:\Users\boy89\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\boy89\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\MountPoints2: D - "D:\SETUP.EXE" 
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\MountPoints2: {3c5e7846-4440-11e5-827d-2c600c0a64d6} - "E:\HTC_Sync_Manager_PC.exe" 
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\MountPoints2: {a3b9a0e3-339b-11e5-8279-2c600c0a64d6} - "E:\HTC_Sync_Manager_PC.exe" 
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\MountPoints2: {c37e12c4-1e69-11e5-8261-2c600c0a64d6} - "D:\SETUP.EXE" 
        ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-06-27] (Acer Incorporated)
        ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-06-27] (Acer Incorporated)
        ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-06-27] (Acer Incorporated)
        ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-08] (AVAST Software)
        Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2015-08-03]
        ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
        Tcpip\..\Interfaces\{5d553a61-a212-4b41-b703-8cb441e907f6}: [DhcpNameServer] 40.30.1.55
        Tcpip\..\Interfaces\{7527f244-cadf-43d7-a4ac-16d635584015}: [DhcpNameServer] 192.168.43.1
        Tcpip\..\Interfaces\{f1a74bac-3167-4b2a-bd59-e9bfeea5fbf7}: [DhcpNameServer] 8.8.8.8
        ManualProxies: 
        Internet Explorer:
        ==================
        HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
        SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
        SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
        SearchScopes: HKU\S-1-5-21-435490545-1400898029-3557528175-1001 -> DefaultScope {CC5B2EFD-2655-11E5-826E-2C600C0A64D6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
        SearchScopes: HKU\S-1-5-21-435490545-1400898029-3557528175-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
        SearchScopes: HKU\S-1-5-21-435490545-1400898029-3557528175-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
        SearchScopes: HKU\S-1-5-21-435490545-1400898029-3557528175-1001 -> {CC5B2EFD-2655-11E5-826E-2C600C0A64D6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
        BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
        BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
        BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
        BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
        DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
        DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
        Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
        Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
        FireFox:
        ========
        FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
        FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
        FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
        FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
        FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-08-03] [not signed]
        FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
        FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-08]
        FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
        FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-08]
        FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
        FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
        FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
        Chrome: 
        =======
        CHR Profile: C:\Users\boy89\AppData\Local\Google\Chrome\User Data\Default
        CHR Extension: (Google Docs) - C:\Users\boy89\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-30]
        CHR Extension: (Google Drive) - C:\Users\boy89\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
        CHR Extension: (YouTube) - C:\Users\boy89\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]
        CHR Extension: (uBlock Origin) - C:\Users\boy89\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-09-15]
        CHR Extension: (Google Search) - C:\Users\boy89\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]
        CHR Extension: (Avast SafePrice) - C:\Users\boy89\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-11]
        CHR Extension: (Google Docs Offline) - C:\Users\boy89\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
        CHR Extension: (Chrome Web Store Payments) - C:\Users\boy89\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
        CHR Extension: (Gmail) - C:\Users\boy89\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]
        CHR Extension: (Chrome Media Router) - C:\Users\boy89\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-06]
        CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
        CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
        CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
        ==================== Services (Whitelisted) ========================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-08] (AVAST Software)
        R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
        R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
        R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-15] (Acer Incorporated)
        R2 DeviceManager; C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe [40960 2009-11-17] () [File not signed]
        R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
        R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
        R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
        R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
        R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-10-29] (Intel Corporation)
        R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
        S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
        R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
        R2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [341040 2016-06-01] (Steganos Software GmbH)
        R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
        R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
        R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
        R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)
        S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
        S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
        S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
        ===================== Drivers (Whitelisted) ==========================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-08] (AVAST Software)
        R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-08] (AVAST Software)
        R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-08] (AVAST Software)
        R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-08] (AVAST Software)
        R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-08] (AVAST Software)
        R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
        R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-09-08] (AVAST Software)
        R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-08] (AVAST Software)
        R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-08] (AVAST Software)
        R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
        S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2013-09-17] (Intel Corporation)
        S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2013-09-17] (Intel Corporation)
        S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2013-09-17] (Intel Corporation)
        R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
        S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2013-09-17] (Intel Corporation)
        S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2013-09-17] (Intel Corporation)
        R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
        R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-06-29] (DT Soft Ltd)
        R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
        R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
        R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
        S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-14] (Malwarebytes)
        R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
        R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
        R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
        R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
        S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
        S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
        S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2016-09-15 19:43 - 2016-09-15 19:44 - 00020773 _____ C:\Users\boy89\Desktop\FRST.txt
        2016-09-15 19:43 - 2016-09-15 19:43 - 00000000 ____D C:\FRST
        2016-09-15 19:41 - 2016-09-15 19:42 - 02398720 _____ (Farbar) C:\Users\boy89\Desktop\FRST64.exe
        2016-09-15 19:21 - 2016-09-15 19:25 - 03861056 _____ C:\Users\boy89\Downloads\adwcleaner_6.020.exe
        2016-09-15 19:19 - 2016-09-15 19:22 - 00000000 ____D C:\Users\boy89\AppData\Roaming\Geek Uninstaller
        2016-09-15 19:17 - 2016-09-15 19:18 - 02626201 _____ C:\Users\boy89\Downloads\geek.zip
        2016-09-13 22:08 - 2016-09-13 22:08 - 00000000 ____D C:\Users\boy89\Documents\ViberDownloads
        2016-09-08 00:13 - 2016-09-08 00:12 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
        2016-09-08 00:12 - 2016-09-08 00:12 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
        2016-09-07 20:06 - 2016-09-07 20:06 - 00000000 ___HD C:\$WINDOWS.~BT
        2016-08-30 21:41 - 2016-08-30 21:41 - 00020648 _____ C:\Users\boy89\Downloads\(18) Nikki Benz
        2016-08-30 19:08 - 2016-09-08 00:14 - 00044952 _____ () C:\WINDOWS\system32\Drivers\staport.sys
        2016-08-28 14:57 - 2016-08-28 14:57 - 00003326 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
        2016-08-19 14:01 - 2016-08-19 16:12 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
        2016-08-18 18:43 - 2016-08-18 18:43 - 00003404 _____ C:\WINDOWS\System32\Tasks\abDocsDllLoader
        2016-08-18 18:43 - 2016-08-18 18:43 - 00002026 _____ C:\Users\Public\Desktop\abDocs.lnk
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2016-09-15 19:37 - 2015-08-01 23:02 - 00000000 ____D C:\Users\boy89\AppData\Roaming\Skype
        2016-09-15 19:33 - 2015-06-30 22:36 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
        2016-09-15 19:33 - 2015-06-29 17:22 - 00000000 __SHD C:\Users\boy89\IntelGraphicsProfiles
        2016-09-15 19:32 - 2016-01-21 06:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2016-09-15 19:31 - 2016-07-23 20:00 - 00000000 ____D C:\AdwCleaner
        2016-09-15 19:31 - 2015-12-11 23:10 - 00000000 ____D C:\Program Files\Google
        2016-09-15 19:31 - 2015-10-30 09:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
        2016-09-15 19:31 - 2015-06-30 22:36 - 00000000 ____D C:\Program Files (x86)\Google
        2016-09-15 19:20 - 2015-06-30 22:36 - 00000000 ____D C:\Users\boy89\AppData\Local\Google
        2016-09-15 19:19 - 2015-06-30 22:36 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
        2016-09-15 18:42 - 2015-10-30 10:24 - 00000000 ___HD C:\Program Files\WindowsApps
        2016-09-15 18:42 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\AppReadiness
        2016-09-15 18:06 - 2015-10-30 10:11 - 00000000 ____D C:\WINDOWS\CbsTemp
        2016-09-15 17:28 - 2015-06-29 17:32 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E398F86D-1DEE-4B31-8C23-5127F29059CA}
        2016-09-14 22:48 - 2015-06-30 01:09 - 00000000 ____D C:\Users\boy89\AppData\LocalLow\Adblock Plus for IE
        2016-09-13 22:14 - 2016-04-24 23:23 - 00000000 ____D C:\Users\boy89\AppData\Roaming\ViberPC
        2016-09-13 14:49 - 2016-07-27 19:08 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
        2016-09-12 21:07 - 2015-06-29 17:22 - 00000000 ____D C:\Users\boy89\AppData\Local\Packages
        2016-09-11 19:35 - 2015-10-30 10:21 - 00000000 ____D C:\WINDOWS\INF
        2016-09-11 19:35 - 2015-08-05 09:58 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
        2016-09-10 01:07 - 2015-06-29 19:39 - 00000000 ____D C:\Users\boy89\AppData\Roaming\uTorrent
        2016-09-09 23:59 - 2016-06-27 01:42 - 00000000 ____D C:\Users\boy89\AppData\LocalLow\uTorrent
        2016-09-09 20:08 - 2016-07-27 19:37 - 00004004 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1469637420
        2016-09-09 20:08 - 2016-07-27 19:37 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
        2016-09-08 00:13 - 2016-07-27 19:08 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
        2016-09-08 00:13 - 2016-07-27 19:08 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
        2016-09-08 00:13 - 2016-07-27 19:08 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
        2016-09-08 00:13 - 2016-07-27 19:08 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
        2016-09-08 00:13 - 2016-07-27 19:08 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
        2016-09-08 00:13 - 2016-07-27 19:08 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
        2016-09-08 00:13 - 2016-07-27 19:08 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
        2016-09-08 00:12 - 2016-07-27 19:36 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
        2016-09-08 00:12 - 2016-07-27 19:08 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
        2016-09-07 20:07 - 2016-01-21 08:10 - 00000000 ___DC C:\WINDOWS\Panther
        2016-09-06 11:48 - 2015-06-30 01:36 - 00000000 ____D C:\Filmi
        2016-09-05 11:40 - 2016-06-08 00:08 - 00000000 ____D C:\Users\boy89\AppData\Roaming\Steganos VPN
        2016-09-04 13:03 - 2015-06-29 17:33 - 00000000 ____D C:\Users\boy89\AppData\Local\CrashDumps
        2016-09-01 21:16 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
        2016-08-30 18:41 - 2015-08-01 23:02 - 00000000 ___RD C:\Program Files (x86)\Skype
        2016-08-28 14:57 - 2015-08-05 18:22 - 00002404 _____ C:\Users\boy89\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
        2016-08-28 14:57 - 2015-06-30 18:29 - 00000000 ___RD C:\Users\boy89\OneDrive
        2016-08-18 18:59 - 2014-08-11 20:20 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
        2016-08-18 18:56 - 2015-06-29 17:23 - 00000000 ____D C:\Users\boy89\AppData\Local\clear.fi
        2016-08-18 18:43 - 2014-08-11 20:19 - 00000000 ____D C:\Program Files (x86)\Acer
        2016-08-18 18:41 - 2015-07-21 19:58 - 00003508 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
        2016-08-18 18:41 - 2014-08-11 20:25 - 00000000 ___HD C:\OEM
        ==================== Files in the root of some directories =======
        2015-06-29 19:25 - 2015-06-29 19:25 - 0070012 _____ () C:\Users\boy89\AppData\Roaming\ICSW_0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q1V1N1P1G1P1C1L1RtJ1V0C1F1H1B1R1F1C1P.txt
        2016-01-21 06:16 - 2016-01-21 06:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
        Some files in TEMP:
        ====================
        C:\Users\boy89\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
        C:\Users\boy89\AppData\Local\Temp\libeay32.dll
        C:\Users\boy89\AppData\Local\Temp\msvcr120.dll
        C:\Users\boy89\AppData\Local\Temp\sqlite3.dll

        ==================== Bamital & volsnap =================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\wininit.exe => File is digitally signed
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

        LastRegBack: 2016-09-12 21:10
        ==================== End of FRST.txt ============================
         
         
        Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
        Ran by boy89 (15-09-2016 19:45:40)
        Running from C:\Users\boy89\Desktop
        Windows 10 Home Version 1511 (X64) (2016-01-21 03:53:08)
        Boot Mode: Normal
        ==========================================================

        ==================== Accounts: =============================
        Administrator (S-1-5-21-435490545-1400898029-3557528175-500 - Administrator - Disabled)
        boy89 (S-1-5-21-435490545-1400898029-3557528175-1001 - Administrator - Enabled) => C:\Users\boy89
        DefaultAccount (S-1-5-21-435490545-1400898029-3557528175-503 - Limited - Disabled)
        Guest (S-1-5-21-435490545-1400898029-3557528175-501 - Limited - Disabled)
        HomeGroupUser$ (S-1-5-21-435490545-1400898029-3557528175-1003 - Limited - Enabled)
        ==================== Security Center ========================
        (If an entry is included in the fixlist, it will be removed.)
        AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
        AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
        ==================== Installed Programs ======================
        (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
        µTorrent (HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
        abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2001 - Acer Incorporated)
        abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
        abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
        abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
        Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3013 - Acer Incorporated)
        Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
        Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
        Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.11.2000 - Acer Incorporated)
        Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
        Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
        Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
        Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
        Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
        Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
        Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
        Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
        AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2000.2 - Acer Incorporated)
        Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
        Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
        BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1079 - AB Team, d.o.o.)
        CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
        CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
        DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
        Farm to Fork Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
        Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
        Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
        Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.)
        Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
        Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
        Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
        Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation)
        Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
        Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
        Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
        Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
        King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
        LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
        Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
        Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
        Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
        Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
        Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
        Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
        Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
        Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
        Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
        Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
        Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
        Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
        Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
        Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
        SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
        Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
        Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
        Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
        Steganos Online Shield (HKLM-x32\...\{896614ED-00BD-4E0C-99AB-01C76EE416D9}) (Version: 1.6.1 - Steganos Software GmbH)
        SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
        The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.51 - WildTangent) Hidden
        Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
        Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
        Viber (HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
        Viber (x32 Version: 6.0.1.5 - Viber Media Inc.) Hidden
        VIVACOM 3G USB MODEM (HKLM-x32\...\VIVACOM 3G USB MODEM ALCATEL_is1) (Version:  - Alcatel)
        Wajam (HKLM-x32\...\WajaIEn) (Version: 1.49.10.9 - Wajam) <==== ATTENTION
        WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
        WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
        Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
        Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
        ==================== Custom CLSID (Whitelisted): ==========================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        CustomCLSID: HKU\S-1-5-21-435490545-1400898029-3557528175-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\boy89\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
        CustomCLSID: HKU\S-1-5-21-435490545-1400898029-3557528175-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
        ==================== Scheduled Tasks (Whitelisted) =============
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
        Task: {1310D648-1FA5-44ED-8096-F3EA6B0578E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-12] (Microsoft Corporation)
        Task: {2324A9A5-A83E-436C-A7D1-76D040C6A334} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.)
        Task: {4241DA34-628E-4A55-90F5-48D1C399B8A8} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
        Task: {469DD2EC-E8BC-408F-A6D2-254AB2D1418E} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
        Task: {46C7D478-CA80-4E27-B20F-ADEFF566D938} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
        Task: {46D300E6-04E0-41A7-BB95-FA080C73EB4D} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\boy89\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-28] (Microsoft Corporation)
        Task: {535B79EE-47AF-480C-84AD-842E1F62D2BF} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
        Task: {58492909-350F-4307-828A-ABC6640E5135} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
        Task: {5BB79D70-FCF3-44EC-99C3-EF17814E7D8A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
        Task: {5DA2129E-E7A3-4565-81D8-DC83497FB072} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
        Task: {60153068-D24A-45B0-87E2-854A2EC795B5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
        Task: {625FA757-9093-4BA3-BF9E-6688695B3BA2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
        Task: {691ACDC1-A169-484A-91C5-B40935B5D10D} - System32\Tasks\SafeZone scheduled Autoupdate 1469637420 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
        Task: {6D89A298-545A-4E82-A3A0-62FB2D494E3E} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2016-08-15] ()
        Task: {82F4C7D0-0968-4375-B88F-F5463019576E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
        Task: {83567158-A814-452B-9206-B73FE53AA986} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)
        Task: {93399F88-BC59-40FB-AC1E-452C038DAE00} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
        Task: {963C5540-B101-4B1C-82A0-1E9D4864307C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-08] (AVAST Software)
        Task: {972999A3-22CC-49D4-8AFB-A6267AE98A17} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-15] (Acer Incorporated)
        Task: {9A9C1711-DD04-4957-8175-B52732B4937C} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-06-27] (Acer)
        Task: {9B93D6F3-EB67-4B1F-9942-E27DA7D3F56C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
        Task: {BA92FAD6-F6EE-4AF3-810F-263B0547DB46} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
        Task: {CCDDEAAA-9BFD-4B9F-B0FA-D5B3E5086CF1} - System32\Tasks\{7A83B01C-4B65-4BD6-9150-FA9CE1232AF3} => pcalua.exe -a "C:\Games\Serious Sam\RegSetup.exe" -d "C:\Games\Serious Sam"
        Task: {D090A04F-FA4C-4D2C-B514-D27CDC855600} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
        Task: {DC8C561F-10A3-4EBD-8E3B-E75661B20DBA} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
        Task: {DEBD3C21-7D8C-4A8B-A1A2-F438BAC60134} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
        Task: {F28058BD-6EBB-4BFD-87C5-7807F0B53008} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.)
        Task: {FB31FA42-B02A-4345-A593-B3F5E53B57D1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
        (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
        Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        ==================== Shortcuts =============================
        (The entries could be listed to be restored or removed.)
        ShortcutWithArgument: C:\Users\boy89\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
        ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
        ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox.lnk -> C:\Program Files\Dropbox\StartURL.exe () -> hxxps://www.dropbox.com/partners/acer2014/download
        ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
        ==================== Loaded Modules (Whitelisted) ==============
        2015-10-30 10:18 - 2015-10-30 10:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
        2015-11-17 18:10 - 2009-11-17 11:44 - 00040960 _____ () C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe
        2014-08-11 20:26 - 2012-04-24 13:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
        2016-07-13 20:18 - 2016-07-01 07:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
        2016-07-13 20:18 - 2016-07-01 07:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
        2014-08-11 20:34 - 2014-07-02 00:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
        2016-08-28 14:55 - 2016-08-28 14:55 - 01864384 _____ () C:\Users\boy89\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
        2016-01-21 12:07 - 2015-12-07 07:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
        2016-07-13 20:21 - 2016-07-01 06:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
        2016-07-13 20:18 - 2016-07-01 06:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
        2016-07-13 20:18 - 2016-07-01 06:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
        2016-07-13 20:18 - 2016-07-01 06:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
        2016-07-13 20:18 - 2016-07-01 06:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
        2015-06-25 00:57 - 2015-06-25 00:57 - 00133184 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
        2015-11-17 18:10 - 2010-01-27 12:08 - 00098304 _____ () C:\Program Files (x86)\VIVACOM 3G USB MODEM\ModemListener.exe
        2016-04-19 14:35 - 2016-04-19 14:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
        2016-08-15 15:24 - 2016-08-15 15:24 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
        2016-09-08 00:12 - 2016-09-08 00:12 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
        2016-09-15 17:22 - 2016-09-15 17:22 - 03085624 _____ () C:\Program Files\AVAST Software\Avast\defs\16091500\algo.dll
        2016-09-08 00:12 - 2016-09-08 00:12 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
        2016-08-28 14:55 - 2016-08-28 14:55 - 01383616 _____ () C:\Users\boy89\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
        2016-08-28 14:55 - 2016-08-28 14:55 - 00118976 _____ () C:\Users\boy89\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
        2016-07-27 19:07 - 2016-07-27 19:07 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
        2016-04-19 14:35 - 2016-04-19 14:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
        2016-04-19 14:35 - 2016-04-19 14:39 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
        2016-06-27 16:12 - 2016-06-27 16:12 - 00202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
        2016-06-27 16:12 - 2016-06-27 16:12 - 00119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
        2016-08-15 18:03 - 2016-08-15 18:03 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
        2016-08-15 18:05 - 2016-08-15 18:05 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
        2016-08-15 18:05 - 2016-08-15 18:05 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
        2016-08-15 18:04 - 2016-08-15 18:04 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
        2016-08-18 18:41 - 2016-08-18 18:41 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
        2016-08-15 14:36 - 2016-08-15 14:36 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
        2016-08-15 14:33 - 2016-08-15 14:33 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
        2016-04-01 17:17 - 2016-04-01 17:17 - 01102424 _____ () C:\Program Files (x86)\Steganos Online Shield\avcodec-53.dll
        2016-04-01 17:17 - 2016-04-01 17:17 - 00126040 _____ () C:\Program Files (x86)\Steganos Online Shield\avutil-51.dll
        2016-04-01 17:17 - 2016-04-01 17:17 - 00193624 _____ () C:\Program Files (x86)\Steganos Online Shield\avformat-53.dll
        ==================== Alternate Data Streams (Whitelisted) =========
        (If an entry is included in the fixlist, only the ADS will be removed.)

        ==================== Safe Mode (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
        ==================== Association (Whitelisted) ===============
        (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

        ==================== Internet Explorer trusted/restricted ===============
        (If an entry is included in the fixlist, it will be removed from the registry.)

        ==================== Hosts content: ===============================
        (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
        2013-08-22 16:25 - 2013-08-22 16:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

        ==================== Other Areas ============================
        (Currently there is no automatic fix for this section.)
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\boy89\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
        DNS Servers: 192.168.43.1
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
        Windows Firewall is enabled.
        ==================== MSCONFIG/TASK MANAGER disabled items ==
        (Currently there is no automatic fix for this section.)
        HKLM\...\StartupApproved\Run32: => "SOS Notifier"
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\StartupApproved\Run: => "Skype"
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\StartupApproved\Run: => "Spotify Web Helper"
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\StartupApproved\Run: => "SOS_Agent"
        HKU\S-1-5-21-435490545-1400898029-3557528175-1001\...\StartupApproved\Run: => "SOS Browser Monitor"
        ==================== FirewallRules (Whitelisted) ===============
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
        FirewallRules: [{055AFBE6-3853-4C2A-A61B-01A3CA226610}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
        FirewallRules: [{236C18E2-745E-4D34-850C-FCDBF08165EC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
        FirewallRules: [{20A1A515-049C-47E4-9E13-3ACC00D17DE7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
        FirewallRules: [{31FA1EC2-1726-4056-B080-252F21F6CEE5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
        FirewallRules: [{99B54509-6962-4228-B43C-7DD088DC2125}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
        FirewallRules: [{E6097785-ADFB-4C43-B6A1-20CF8230A686}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
        FirewallRules: [{2CCAFA1A-91AC-40BC-B8BC-0698E24D8AE4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
        FirewallRules: [{16BB9AC3-5CFD-413F-8A2E-08E4F803E6A3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
        FirewallRules: [{91611679-48DF-48A0-8DA7-E7B3E16AAD70}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
        FirewallRules: [{8AB4144B-0282-47EE-8CC3-C1DC642B5980}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
        FirewallRules: [{48005A54-DDAF-46DF-BF84-738A7AB5F091}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
        FirewallRules: [{5D3C1AAA-565C-44F2-9D80-04EED00FEBF7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
        FirewallRules: [{43EF214D-EE1E-44D8-8D9D-758502406221}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
        FirewallRules: [{2BC19579-2B53-4418-9EB1-11064772AFCD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
        FirewallRules: [{26CF3765-E7AD-4B50-B512-9B0C30A51054}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
        FirewallRules: [{9FE2DCD7-7072-4825-AF5C-0396B2CAC49A}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
        FirewallRules: [{5350266A-B147-4310-817E-E8D44D788C0B}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
        FirewallRules: [{D72A1850-31AB-4E52-B868-92A54261FAF9}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
        FirewallRules: [{9AE100B1-9E25-43B5-BC90-192518B121E8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
        FirewallRules: [{EA7A4AC7-7751-4FF2-8D15-3A006B5AA38F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
        FirewallRules: [{415CAB79-986F-4F3D-A52D-709E35064828}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
        FirewallRules: [{3C549085-B1AE-41C8-ACE9-D4980695D786}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
        FirewallRules: [{16829967-5FD6-49D7-8A1E-5C491392CB06}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
        FirewallRules: [{24240B36-D7C0-46C6-94A3-C872ACA42E7A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
        FirewallRules: [{011093BA-B62F-470A-B23D-38B666A8E325}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
        FirewallRules: [{E41D4E23-E984-40BC-A5D7-BE08F498A921}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
        FirewallRules: [{A9D590FB-033C-4B0B-8CB0-FEC57DDB4D50}] => (Allow) C:\Users\boy89\AppData\Local\Chromium\Application\chrome.exe
        FirewallRules: [{2829E00E-5636-4B6F-A025-739ACB5E9C50}] => (Allow) C:\Users\boy89\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{3C360F59-69B2-4F8D-B2BD-128B0089FFD2}] => (Allow) C:\Users\boy89\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{F7635632-F9DB-44FD-B1DF-930F95E425F5}] => (Allow) C:\Users\boy89\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{35719AD3-3E14-4DDD-B3D1-500F3961A7DE}] => (Allow) C:\Users\boy89\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{FD3C3E2B-E6A2-49A9-A48A-6E10587429B6}] => (Allow) C:\Users\boy89\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{D9F09662-9A35-4972-8383-33F79B36FBBE}] => (Allow) C:\Users\boy89\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{F2B46E00-A3EA-4875-BC1D-31CADF654C56}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
        FirewallRules: [{A064036F-A850-4B22-AB83-5FFCE6DA21F9}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
        FirewallRules: [{CA5ECDDA-5739-4CD1-8263-2C801763A324}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
        FirewallRules: [{6740A508-8857-48DC-9700-ADFB0BDFA234}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
        FirewallRules: [{21227D63-C243-4691-9546-A817DD9743D2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
        FirewallRules: [{AAB830A3-69B9-4AFC-8E6C-29E69446C7D8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
        FirewallRules: [{D1ECB7DC-A677-4A35-B565-65A01791D757}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
        FirewallRules: [{3AFF059C-3FE3-4CA6-8D72-984E08151E46}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
        FirewallRules: [{5CAF6DD9-8978-4509-ABD0-92C455C77729}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
        FirewallRules: [{8EC3ECCA-1627-4EF1-8C25-1D8A8328AFFE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
        FirewallRules: [{4AB3D289-5BCB-4036-B0EE-050769CDBB60}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
        FirewallRules: [{3BB89F3F-B55E-4E21-8EF9-BAAB46580244}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
        FirewallRules: [TCP Query User{F1D9A879-05BF-4AC1-AC8C-D44FE3B3F857}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
        FirewallRules: [UDP Query User{11944E0E-E45B-4D18-9F53-76D79EB74B1F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
        FirewallRules: [TCP Query User{035F0F89-F761-42C1-9CFB-B68CEF2081EB}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
        FirewallRules: [UDP Query User{19E763EC-78A0-4013-A474-3E59C07CC445}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
        FirewallRules: [{AB022CF9-435A-487F-963E-D638C0115FFC}] => (Allow) C:\Users\boy89\AppData\Roaming\Steganos\OnlineShield\Proxy\node.exe
        FirewallRules: [TCP Query User{4F5EF13D-A1A4-42A4-9A88-A5ABC14CFC9A}C:\games\serious sam\bin\serioussam.exe] => (Block) C:\games\serious sam\bin\serioussam.exe
        FirewallRules: [UDP Query User{590EFD25-D32D-41CE-9C16-0BB83F352AE7}C:\games\serious sam\bin\serioussam.exe] => (Block) C:\games\serious sam\bin\serioussam.exe
        FirewallRules: [{847B8F37-3F2F-47E3-B677-A4561F2757EC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        ==================== Restore Points =========================
        30-08-2016 18:38:56 ASU_MSI_TRAN
        09-09-2016 20:51:51 Scheduled Checkpoint
        ==================== Faulty Device Manager Devices =============

        ==================== Event log errors: =========================
        Application errors:
        ==================
        Error: (09/15/2016 07:39:17 PM) (Source: DptfEvent) (EventID: 2) (User: )
        Description: DptfPolicyLpmServiceHelper
        WinMain:  CreateSharedMemory() failed.
        Session ID = 1
        Error: (09/15/2016 07:39:17 PM) (Source: DptfEvent) (EventID: 3) (User: )
        Description: DptfPolicyLpmServiceHelper
        CreateSharedMemory:  WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
        Last error = [0x00000102]
        Session ID = 1
        Error: (09/15/2016 05:26:58 PM) (Source: DptfEvent) (EventID: 2) (User: )
        Description: DptfPolicyLpmServiceHelper
        WinMain:  CreateSharedMemory() failed.
        Session ID = 1
        Error: (09/15/2016 05:26:58 PM) (Source: DptfEvent) (EventID: 3) (User: )
        Description: DptfPolicyLpmServiceHelper
        CreateSharedMemory:  WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
        Last error = [0x00000102]
        Session ID = 1
        Error: (09/15/2016 12:20:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DZHEMAL)
        Description: Activation of application Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
        Error: (09/15/2016 12:20:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DZHEMAL)
        Description: Activation of application Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
        Error: (09/13/2016 09:27:38 PM) (Source: Perflib) (EventID: 1008) (User: )
        Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
        Error: (09/13/2016 02:48:09 PM) (Source: DptfEvent) (EventID: 2) (User: )
        Description: DptfPolicyLpmServiceHelper
        WinMain:  CreateSharedMemory() failed.
        Session ID = 1
        Error: (09/13/2016 02:48:09 PM) (Source: DptfEvent) (EventID: 3) (User: )
        Description: DptfPolicyLpmServiceHelper
        CreateSharedMemory:  WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
        Last error = [0x00000102]
        Session ID = 1
        Error: (09/12/2016 09:11:41 PM) (Source: Perflib) (EventID: 1008) (User: )
        Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

        System errors:
        =============
        Error: (09/15/2016 07:36:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
        Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
        Error: (09/15/2016 07:31:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
        Description: The Windows Search service failed to start due to the following error: 
        The service did not start due to a logon failure.
        Error: (09/15/2016 07:31:24 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
        Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
        The request is not supported.

        To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
        Error: (09/15/2016 07:31:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
        Description: The User Data Access_3d46b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
        Error: (09/15/2016 07:31:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
        Description: The User Data Storage_3d46b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
        Error: (09/15/2016 07:31:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
        Description: The Contact Data_3d46b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
        Error: (09/15/2016 07:31:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
        Description: The Sync Host_3d46b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
        Error: (09/15/2016 07:30:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
        Description: The User Experience Improvement Program service terminated unexpectedly. It has done this 1 time(s).
        Error: (09/15/2016 07:30:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
        Description: The CCDMonitorService service terminated unexpectedly. It has done this 1 time(s).
        Error: (09/15/2016 07:30:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
        Description: The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s).

        CodeIntegrity:
        ===================================
          Date: 2016-09-01 22:22:14.051
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
          Date: 2016-08-13 09:43:18.349
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
          Date: 2016-08-13 09:40:26.768
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
          Date: 2016-07-17 08:47:50.997
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
          Date: 2016-07-14 18:26:21.820
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
          Date: 2016-06-22 20:22:36.851
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
          Date: 2016-06-21 18:27:07.315
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
          Date: 2016-06-21 18:25:18.202
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
          Date: 2016-06-18 17:09:59.415
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
          Date: 2016-05-16 17:27:15.847
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

        ==================== Memory info =========================== 
        Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
        Percentage of memory in use: 37%
        Total physical RAM: 3977.7 MB
        Available physical RAM: 2478.57 MB
        Total Virtual: 5193.7 MB
        Available Virtual: 3762.77 MB
        ==================== Drives ================================
        Drive c: (Acer) (Fixed) (Total:450.73 GB) (Free:187.6 GB) NTFS
        Drive d: (Office2013-PPVL-x86-Jun2014) (CDROM) (Total:1.95 GB) (Free:0 GB) UDF
        ==================== MBR & Partition Table ==================
        ========================================================
        Disk: 0 (Size: 465.8 GB) (Disk ID: 7EA01957)
        Partition: GPT.
        ==================== End of Addition.txt ============================
      • by Rado Lichev
        Hello, for some time now my provider has been bombarding me with emails saying that my computer is infected; I quote:
        We would like to draw your attention to the fact that your computer most likely has a virus and it is being used for illegal purposes, such as sending SPAM. We ask you to perform an Anti-virus scan or to install one on your computer.
        I haven't noticed even the slightest problem in how my computer works, which doesn't mean there is nothing wrong, of course.
        Besides, I am sure that the emails come from my provider and are not spam.
        Here are the logs:
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
        Ran by GALA (administrator) on GALA-PC (12-09-2016 14:54:11)
        Running from C:\Users\GALA\Desktop
        Loaded Profiles: GALA (Available Profiles: GALA)
        Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
        Internet Explorer Version 8 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
        (brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
        (brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
        (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM-x32\...\Run: [QuickTime Task] => D:\Program Files\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
        HKU\S-1-5-21-2426219059-3806164496-1543818701-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-09-10] (Piriform Ltd)
        HKU\S-1-5-21-2426219059-3806164496-1543818701-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
        ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
        BootExecute: autocheck autochk *  
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{B5CF2873-04C2-4421-B2D9-83838A6A6C9A}: [DhcpNameServer] 192.168.0.1
        Internet Explorer:
        ==================
        HKU\S-1-5-21-2426219059-3806164496-1543818701-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.bg/
        SearchScopes: HKU\S-1-5-21-2426219059-3806164496-1543818701-1001 -> DefaultScope {6336652F-560D-4536-B786-BCD8D4A174E1} URL = hxxps://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\S-1-5-21-2426219059-3806164496-1543818701-1001 -> {6336652F-560D-4536-B786-BCD8D4A174E1} URL = hxxps://www.google.com/search?q={searchTerms}
        Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
        Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
        Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
        Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
        FireFox:
        ========
        FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-10] ()
        FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-11] (Tracker Software Products (Canada) Ltd.)
        FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-10] ()
        FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-09] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-09] (Google Inc.)
        FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-01-11] (Tracker Software Products (Canada) Ltd.)
        FF Plugin HKU\S-1-5-21-2426219059-3806164496-1543818701-1001: @hola.org/vlc,version=1.7.598 -> C:\Users\GALA\AppData\Local\Hola\firefox\app\vlc [2015-04-23] ()
        FF Plugin HKU\S-1-5-21-2426219059-3806164496-1543818701-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\GALA\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
        FF Plugin HKU\S-1-5-21-2426219059-3806164496-1543818701-1001: @talk.google.com/O1DPlugin -> C:\Users\GALA\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
        FF Plugin HKU\S-1-5-21-2426219059-3806164496-1543818701-1001: @tools.google.com/Google Update;version=3 -> C:\Users\GALA\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
        FF Plugin HKU\S-1-5-21-2426219059-3806164496-1543818701-1001: @tools.google.com/Google Update;version=9 -> C:\Users\GALA\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
        FF Plugin HKU\S-1-5-21-2426219059-3806164496-1543818701-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-11] (Tracker Software Products (Canada) Ltd.)
        FF Plugin ProgramFiles/Appdata: C:\Users\GALA\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
        FF Plugin ProgramFiles/Appdata: C:\Users\GALA\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
        Chrome: 
        =======
        CHR StartupUrls: Default -> "hxxps://www.google.bg/"
        CHR Profile: C:\Users\GALA\AppData\Local\Google\Chrome\User Data\Default
        CHR Extension: (Google Slides) - C:\Users\GALA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-20]
        CHR Extension: (Google Docs) - C:\Users\GALA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-20]
        CHR Extension: (Google Drive) - C:\Users\GALA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
        CHR Extension: (YouTube) - C:\Users\GALA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
        CHR Extension: (Google Search) - C:\Users\GALA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
        CHR Extension: (Google Sheets) - C:\Users\GALA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-20]
        CHR Extension: (Google Docs Offline) - C:\Users\GALA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
        CHR Extension: (Chrome Web Store Payments) - C:\Users\GALA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
        CHR Extension: (Gmail) - C:\Users\GALA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-20]
        CHR Extension: (Chrome Media Router) - C:\Users\GALA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-10]
        ==================== Services (Whitelisted) ========================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2014-04-30] (brother Industries Ltd) [File not signed]
        R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
        R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
        R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
        S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
        ===================== Drivers (Whitelisted) ==========================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-15] (Disc Soft Ltd)
        S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
        R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-12-01] (Glarysoft Ltd)
        S3 MAUSBPRODUCER; C:\Windows\System32\DRIVERS\MAudioProducer.sys [187912 2010-03-08] (Avid Technology, Inc.)
        R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
        R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
        R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-08-31] (Duplex Secure Ltd.)
        U5 UnlockerDriver5; D:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
        U0 aswVmm; no ImagePath
        S3 VGPU; System32\drivers\rdvgkmd.sys [X]
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2016-09-12 14:54 - 2016-09-12 14:54 - 00009843 _____ C:\Users\GALA\Desktop\FRST.txt
        2016-09-12 14:53 - 2016-09-12 14:54 - 00000000 ____D C:\FRST
        2016-09-12 14:53 - 2016-09-12 14:53 - 02398720 _____ (Farbar) C:\Users\GALA\Desktop\FRST64.exe
        2016-09-12 13:46 - 2016-09-12 13:46 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
        2016-09-12 13:46 - 2016-09-12 13:46 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
        2016-09-12 13:46 - 2016-09-12 13:46 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
        2016-09-12 13:46 - 2016-09-12 13:46 - 00000000 ____D C:\Program Files\Common Files\AV
        2016-09-11 15:41 - 2016-09-11 15:51 - 00039476 _____ C:\Users\GALA\Desktop\cafes.pdf
        2016-09-11 08:01 - 2016-09-11 08:01 - 00119008 _____ C:\Users\GALA\AppData\Local\GDIPFONTCACHEV1.DAT
        2016-09-11 08:00 - 2016-09-11 08:01 - 05148360 _____ C:\Windows\system32\FNTCACHE.DAT
        2016-09-10 11:49 - 2016-09-10 11:49 - 00272409 _____ C:\Windows\SysWOW64\TmpA2726008
        2016-09-10 10:28 - 2016-09-12 13:55 - 00000000 ____D C:\ProgramData\Comodo
        2016-09-09 21:15 - 2016-09-09 21:15 - 00439867 _____ C:\Users\GALA\Desktop\IMSLP272385-PMLP245136-Kreisler-ThreeVienneseDancesVN.pdf
        2016-09-09 09:56 - 2016-09-09 09:56 - 00000000 ____D C:\Users\GALA\AppData\Local\CEF
        2016-09-09 09:49 - 2016-09-09 10:10 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
        2016-09-07 20:39 - 2016-09-07 20:40 - 00000000 ____D C:\Users\GALA\Desktop\suppleance musique
        2016-09-07 15:31 - 2016-09-07 15:31 - 00230457 _____ C:\Users\GALA\Desktop\Marlena_de_Blasi_-_Hiljada_dni_v_Toskana_-7720-b.txt.zip
        2016-09-07 08:38 - 2016-09-07 08:38 - 00000000 ____D C:\Windows\System32\Tasks\Leader Technologies
        2016-09-07 08:36 - 2016-09-07 08:36 - 00000000 ____D C:\Users\GALA\AppData\Roaming\Leadertech
        2016-09-07 07:18 - 2016-09-07 07:31 - 00000000 ____D C:\Users\GALA\AppData\Local\PACE Anti-Piracy
        2016-09-07 07:07 - 2003-03-18 21:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71DEU.DLL
        2016-09-07 07:07 - 2003-03-18 21:44 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71ITA.DLL
        2016-09-07 07:07 - 2003-03-18 21:44 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71FRA.DLL
        2016-09-07 07:07 - 2003-03-18 21:44 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71ESP.DLL
        2016-09-07 07:07 - 2003-03-18 21:44 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71ENU.DLL
        2016-09-07 07:07 - 2003-03-18 21:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71KOR.DLL
        2016-09-07 07:07 - 2003-03-18 21:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71JPN.DLL
        2016-09-07 07:07 - 2003-03-18 21:44 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71CHT.DLL
        2016-09-07 07:07 - 2003-03-18 21:44 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71CHS.DLL
        2016-09-07 07:07 - 2003-03-18 20:05 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll
        2016-09-07 07:07 - 2002-01-05 05:48 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll
        2016-09-07 07:07 - 2001-06-27 10:13 - 00217088 _____ C:\Windows\SysWOW64\qtmlClient.dll
        2016-09-07 06:59 - 2016-09-09 12:42 - 01099080 _____ (Sysinternals - www.sysinternals.com) C:\Users\GALA\Desktop\procexp64.exe
        2016-09-06 20:38 - 2016-09-06 20:38 - 00020076 _____ C:\Users\GALA\Desktop\Untitled 1.odt
        2016-09-05 10:49 - 2016-09-05 10:57 - 00021902 _____ C:\Users\GALA\Desktop\Miraculous_Ladybug.mscz
        2016-09-04 14:05 - 2016-09-04 14:26 - 00000000 ____D C:\Users\GALA\AppData\Local\Ultralingua7
        2016-09-04 14:05 - 2016-09-04 14:05 - 00000000 ____D C:\ProgramData\Ultralingua7
        2016-09-04 10:30 - 2016-09-04 10:30 - 00019837 _____ C:\Users\GALA\Desktop\Wonderful_Tonightt_Clapton - Violin.pdf
        2016-09-04 10:30 - 2016-09-04 10:30 - 00017568 _____ C:\Users\GALA\Desktop\Score-2012-Hockey Night - Violin.pdf
        2016-09-03 18:33 - 2016-09-03 18:33 - 00000000 ____D C:\Users\GALA\AppData\Local\Avid
        2016-09-03 18:19 - 2016-09-03 18:19 - 00000000 ____D C:\Users\GALA\AppData\Roaming\Avid
        2016-09-03 18:18 - 2016-09-03 18:19 - 00000000 ____D C:\Program Files\Common Files\Avid
        2016-09-03 18:16 - 2016-09-03 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
        2016-09-03 18:16 - 2016-09-03 18:49 - 00000000 ____D C:\Program Files (x86)\Avid
        2016-09-03 18:15 - 2016-09-03 18:19 - 00000000 ____D C:\Program Files\Avid
        2016-08-30 23:29 - 2016-08-30 23:56 - 00041160 _____ C:\Users\GALA\Desktop\obyava.pdf
        2016-08-30 15:00 - 2016-08-30 15:00 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
        2016-08-30 15:00 - 2016-08-30 15:00 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
        2016-08-30 00:36 - 2016-08-30 00:37 - 00032554 _____ C:\Users\GALA\Downloads\NYregents.pdf
        2016-08-24 14:41 - 2016-08-24 14:41 - 00185171 _____ C:\Users\GALA\Desktop\montreal-2016-08-31.pdf
        2016-08-24 14:30 - 2016-08-29 14:40 - 00000000 ____D C:\Users\GALA\Desktop\New folder (2)
        2016-08-24 10:02 - 2016-08-24 12:17 - 00000000 ____D C:\Users\GALA\Desktop\BG 2016
        2016-08-23 18:04 - 2016-08-23 18:04 - 00238412 _____ C:\Users\GALA\Desktop\Critères d'évaluation.pdf
        2016-08-23 18:02 - 2016-08-23 18:02 - 00393257 _____ C:\Users\GALA\Desktop\Convocation 14 septembre 2016-11h00.pdf
        2016-08-22 11:12 - 2016-08-22 11:13 - 00059396 _____ C:\Users\GALA\Desktop\Demande_nouvel_avis_adm_conditionnelle_FR.pdf
        2016-08-21 14:40 - 2016-08-21 14:40 - 00000000 ____D C:\Users\GALA\AppData\LocalLow\uTorrent
        2016-08-21 14:37 - 2016-08-21 14:37 - 00000919 _____ C:\Users\GALA\Desktop\FL Studio 12 (64bit).lnk
        2016-08-21 13:39 - 2016-08-21 14:14 - 646524744 _____ (Image-Line) C:\Users\GALA\Downloads\flstudio_12.3.exe
        2016-08-21 13:34 - 2016-08-21 13:34 - 00000000 ____D C:\Users\GALA\Downloads\FL Studio 12.3
        2016-08-21 13:33 - 2016-08-21 13:33 - 00013455 _____ C:\Users\GALA\Downloads\[rutracker.org].t5262937.torrent
        2016-08-21 13:15 - 2016-08-21 13:15 - 00005603 _____ C:\Users\GALA\Downloads\FL5tud1o123licencekeyCrack.zip
        2016-08-17 17:51 - 2016-08-17 17:51 - 00000000 ____D C:\Users\GALA\AppData\Local\Apple Computer
        2016-08-17 11:32 - 2016-09-10 11:58 - 00000000 ____D C:\Users\GALA\AppData\Local\Apple
        2016-08-17 11:32 - 2016-08-17 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
        2016-08-17 11:32 - 2016-08-17 11:32 - 00000000 ____D C:\ProgramData\Apple Computer
        2016-08-17 11:32 - 2016-08-17 11:32 - 00000000 ____D C:\ProgramData\Apple
        2016-08-16 20:07 - 2016-08-28 21:18 - 00016384 ___SH C:\Users\GALA\Documents\Thumbs.db
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2016-09-12 14:44 - 2016-02-02 08:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
        2016-09-12 14:44 - 2014-09-24 01:11 - 00000000 ____D C:\ProgramData\AVAST Software
        2016-09-12 14:44 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
        2016-09-12 14:43 - 2014-09-24 09:44 - 00000000 ____D C:\Users\GALA\AppData\Roaming\Skype
        2016-09-12 14:15 - 2015-04-14 15:55 - 00000000 ____D C:\Users\GALA\AppData\Roaming\Free Download Manager
        2016-09-12 14:03 - 2016-02-02 08:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
        2016-09-12 14:00 - 2014-09-24 09:44 - 00000000 ___RD C:\Program Files (x86)\Skype
        2016-09-12 14:00 - 2014-09-24 09:44 - 00000000 ____D C:\ProgramData\Skype
        2016-09-12 13:45 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
        2016-09-12 13:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
        2016-09-12 10:26 - 2016-03-11 22:26 - 00000000 ____D C:\Users\GALA\AppData\Roaming\MuseScore
        2016-09-12 07:16 - 2009-07-14 01:08 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
        2016-09-11 22:01 - 2009-07-14 00:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2016-09-11 22:01 - 2009-07-14 00:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2016-09-11 17:27 - 2015-10-12 19:37 - 00000000 ____D C:\Users\GALA\AppData\Roaming\MPC-HC
        2016-09-11 14:03 - 2015-10-31 15:15 - 00000000 ____D C:\Users\GALA\AppData\Roaming\TeamViewer
        2016-09-10 11:59 - 2015-03-15 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
        2016-09-10 11:58 - 2015-08-22 14:57 - 00000000 ____D C:\Windows\System32\Tasks\WiseCleaner
        2016-09-10 11:52 - 2014-09-24 20:45 - 00000000 ____D C:\Users\GALA\AppData\Roaming\Adobe
        2016-09-10 11:50 - 2015-03-17 12:20 - 00000000 ____D C:\Users\GALA\AppData\Roaming\Steinberg
        2016-09-10 11:49 - 2015-03-17 12:14 - 00000000 ____D C:\Program Files (x86)\Steinberg
        2016-09-10 11:44 - 2015-03-15 17:16 - 00000000 ____D C:\ProgramData\Overloud
        2016-09-10 11:44 - 2015-03-15 17:16 - 00000000 ____D C:\ProgramData\Cakewalk
        2016-09-09 07:06 - 2015-08-20 09:46 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2016-09-07 20:34 - 2009-07-14 01:13 - 00954788 _____ C:\Windows\system32\PerfStringBackup.INI
        2016-09-07 08:51 - 2015-08-14 19:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
        2016-09-07 08:40 - 2015-06-01 17:06 - 00000000 ___HD C:\Users\GALA\AppData\Local\MS3Do2HXJyJVG
        2016-09-07 07:33 - 2015-11-14 13:47 - 00000000 ___HD C:\Users\GALA\AppData\Local\PmR5C87O1JMCS
        2016-09-07 07:33 - 2015-10-15 04:37 - 00000000 ___HD C:\Users\GALA\AppData\Local\2b5fSJ2TSbE
        2016-09-07 07:32 - 2015-03-23 15:58 - 00000000 ____D C:\Users\GALA\AppData\Roaming\PACE Anti-Piracy
        2016-09-07 07:32 - 2015-03-23 15:58 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
        2016-09-07 07:32 - 2014-09-22 08:18 - 00000000 ___HD C:\Users\GALA\AppData\Local\HYmsjrt8n1g
        2016-09-06 11:56 - 2015-08-31 22:24 - 00029356 _____ C:\Users\GALA\Desktop\Pisma.odt
        2016-09-05 23:02 - 2015-05-09 23:55 - 00011264 _____ C:\Users\GALA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2016-09-03 18:22 - 2015-07-16 12:28 - 00000000 ____D C:\ProgramData\Avid
        2016-08-30 15:01 - 2014-10-12 08:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
        2016-08-30 10:20 - 2015-01-26 10:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
        2016-08-28 20:37 - 2016-02-19 23:00 - 00000000 ____D C:\Users\GALA\AppData\Roaming\PhotoScape
        2016-08-28 20:37 - 2014-10-23 22:14 - 00000000 ____D C:\Users\GALA\AppData\Roaming\uTorrent
        2016-08-28 20:13 - 2015-03-25 15:38 - 00019456 ____H C:\Users\GALA\Desktop\photothumb.db
        2016-08-21 14:37 - 2015-02-11 00:31 - 00000000 ____D C:\Users\GALA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
        2016-08-21 14:36 - 2015-04-25 09:25 - 00000000 ____D C:\Users\GALA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
        2016-08-21 14:36 - 2015-04-25 09:25 - 00000000 ____D C:\Program Files\Image-Line
        2016-08-21 14:36 - 2015-04-25 09:17 - 00000000 ____D C:\Program Files (x86)\Image-Line
        2016-08-16 20:07 - 2016-03-26 23:50 - 00000000 ____D C:\Users\GALA\Documents\ViberDownloads
        2016-08-16 20:07 - 2014-09-24 01:03 - 00000000 ____D C:\Users\GALA
        2016-08-16 20:06 - 2015-10-08 08:40 - 00000000 ____D C:\Users\GALA\Desktop\Za carkvata
        2016-08-16 11:28 - 2015-01-26 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
        ==================== Files in the root of some directories =======
        2005-12-08 22:51 - 2005-12-08 22:51 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI
        2014-10-26 02:12 - 2014-10-26 02:12 - 0000191 _____ () C:\Users\GALA\AppData\Roaming\.lirecouleur
        2015-07-16 12:28 - 2016-09-03 18:16 - 1168302 _____ () C:\Users\GALA\AppData\Roaming\AvidApplicationManagerHelper_Install.log
        2014-10-06 13:49 - 2015-03-04 12:01 - 0000040 _____ () C:\Users\GALA\AppData\Roaming\cdr.ini
        2015-03-31 13:10 - 2015-03-31 19:44 - 0000016 _____ () C:\Users\GALA\AppData\Roaming\msregsvv.dll
        2015-01-25 10:59 - 2015-01-25 10:59 - 0133632 _____ () C:\Users\GALA\AppData\Roaming\WINBIN.PAK
        2015-05-09 23:55 - 2016-09-05 23:02 - 0011264 _____ () C:\Users\GALA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2016-08-12 21:42 - 2016-08-12 21:42 - 0000843 _____ () C:\Users\GALA\AppData\Local\recently-used.xbel
        2016-01-01 13:55 - 2016-01-01 13:55 - 0007597 _____ () C:\Users\GALA\AppData\Local\Resmon.ResmonCfg
        2015-03-31 13:10 - 2015-03-31 19:44 - 0000016 _____ () C:\ProgramData\autobk.inc
        ==================== Bamital & volsnap =================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll
        [2010-11-20 23:24] - [2014-09-24 01:03] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
        C:\Windows\SysWOW64\User32.dll
        [2010-11-20 23:24] - [2014-09-24 01:03] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

        LastRegBack: 2016-09-05 00:18
        ==================== End of FRST.txt ============================
        Thank you!
        Addition.txt
      • by Stoicho.k7
        I am starting this topic in connection with this advice -
        "Hello,
        until yesterday I had no problems, but today when I started Google Chrome and tried to log in to my account on a site I visit, I noticed that I had no access to it; later I found out that the account had been stolen by another person. I am generally cautious, and this is the first time this problem has happened to me.
        After that, I noticed that Google Chrome itself seems somehow changed to me, and in the place for links I have an exclamation mark; this is what I mean -

        It also seems quite different to me when typing links, with the suggestions for them under the field, and so on.
        Fortunately, as I said, I am cautious, and they managed to steal only the account in question; otherwise I saw that they had tried to "hack" other accounts of mine as well, but did not succeed.

        If I have posted the topic in the wrong section, I apologize and ask that it be moved to the correct one.

        Thank you in advance for the help."

        and

        "No, that is not the point. I do not mean the warning itself, but that before they found out the password for the account they stole from me, it was not there, and things such as the link suggestions under the field for entering links were displayed differently. Otherwise, as for the Google account and other important accounts, I do not think they have access to them or know the passwords, since I use a different password for every account on every site, and my passwords are COMPLEX.

        Overall, I posted this topic to find out whether I have some residual problem, because things look different to me.
        I reinstalled Chrome, cleared the history and reset the settings to Default; no, it stays the same, there is no change."
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016
        Ran by Maria (administrator) on MARIA-PC (18-09-2016 11:08:00)
        Running from C:\Users\Maria\Downloads
        Loaded Profiles: Maria (Available Profiles: Maria)
        Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Български (България)
        Internet Explorer Version 11 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
        (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
        (Microsoft Corporation) C:\Windows\System32\wlanext.exe
        (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
        (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
        (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
        (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
        (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
        (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
        (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
        (Intel Corporation) C:\Windows\System32\igfxtray.exe
        (Intel Corporation) C:\Windows\System32\hkcmd.exe
        (Intel Corporation) C:\Windows\System32\igfxpers.exe
        (Viber Media S.à r.l.) C:\Users\Maria\AppData\Local\Viber\Viber.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
        (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
        (Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
        (Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
        (Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
        (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
        () C:\Program Files (x86)\watchmi\TvdTray.exe
        (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
        () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
        (X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
        (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
        (Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
        (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
        (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
        (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
        (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
        (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Microsoft Corporation) C:\Windows\System32\osk.exe

        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-05-02] (NVIDIA Corporation)
        HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2011-12-12] (Synaptics Incorporated)
        HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-12-12] (Realtek Semiconductor)
        HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-12-12] (Realtek Semiconductor)
        HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
        HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
        HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-12-12] (Renesas Electronics Corporation)
        HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
        HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-05] (Wistron)
        HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-05] (Wistron Corp.)
        HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-12] (Wistron Corp.)
        HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-04-14] (CyberLink)
        HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [228448 2011-04-14] (CyberLink Corp.)
        HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
        Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
        HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\Run: [Viber] => C:\Users\Maria\AppData\Local\Viber\Viber.exe [72586832 2016-08-10] (Viber Media S.à r.l.)
        HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29544576 2016-08-17] (Skype Technologies S.A.)
        HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\MountPoints2: {36cbb134-6038-11e3-ab62-00262dcb26f7} - F:\SETUP.EXE
        HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\MountPoints2: {4339173f-600a-11e3-af29-00262dcb26f7} - F:\Start.exe
        HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\MountPoints2: {6968120d-d786-11dd-a6b3-00262dcb26f7} - I:\LGAutoRun.exe
        AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177952 2016-05-20] (NVIDIA Corporation)
        AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155768 2016-05-20] (NVIDIA Corporation)
        Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2013-12-08]
        ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{409DC300-28AF-468F-9624-1F3309701881}\SHCT_TRAY_STARTUP_F1540F35F9254DF584F2487D88448402.exe (Acresso Software Inc.)
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{4BCFF095-6E1B-4083-8FB3-35C41610CAF9}: [DhcpNameServer] 192.168.0.1
        Internet Explorer:
        ==================
        HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP
        BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
        BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
        BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
        BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
        BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
        BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
        BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
        Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
        Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
        Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
        Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
        FireFox:
        ========
        FF ProfilePath: C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\dbbhtf5g.default
        FF Homepage: hxxp://www.google.com/
        FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
        FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
        FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
        FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
        FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
        FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
        FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
        FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-20] (NVIDIA Corporation)
        FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-20] (NVIDIA Corporation)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-18] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-18] (Google Inc.)
        FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
        FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml [2015-04-27]
        FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2015-04-27]
        FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml [2015-04-27]
        FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2015-04-27]
        FF Extension: (Video DownloadHelper) - C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\dbbhtf5g.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-12]
        FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
        Chrome: 
        =======
        CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default [2016-09-18]
        CHR Extension: (Google Презентации) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-17]
        CHR Extension: (Google Документи) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-17]
        CHR Extension: (Google Диск) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-17]
        CHR Extension: (YouTube) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-17]
        CHR Extension: (Електронни таблици от Google) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-17]
        CHR Extension: (Google Документи офлайн) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-17]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-17]
        CHR Extension: (Gmail) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-17]
        CHR Extension: (Chrome Media Router) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-17]
        CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-09-18]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-18]
        CHR Extension: (Chrome Media Router) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-18]
        CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-18] <==== ATTENTION
        CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
        ==================== Services (Whitelisted) ========================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
        R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
        R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
        R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
        R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
        S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
        R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2000-01-01] (Intel Corporation)
        R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
        S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
        R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
        R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
        S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
        S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
        S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-05-10] (The OpenVPN Project)
        R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2011-12-12] () [File not signed]
        S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2011-10-07] () [File not signed]
        S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
        R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-05] (Wistron Corp.)
        R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]
        R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
        ===================== Drivers (Whitelisted) ==========================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
        S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [158464 2013-12-08] (ITE                      )
        S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-17] (Malwarebytes)
        R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
        R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
        S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
        R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
        R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2000-01-01] (Realtek Semiconductor Corp.)
        S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-19] ()
        S3 wtsmpadap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56104 2009-07-20] (Swisscom)
        S3 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [384808 2009-07-20] (Swisscom)
        R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
        S1 ArcSec; system32\drivers\ArcSec.sys [X]
        S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
        ========================== Drivers MD5 =======================
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== Three Months Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2016-09-18 11:08 - 2016-09-18 11:09 - 00037321 _____ C:\Users\Maria\Downloads\FRST.txt
        2016-09-18 11:07 - 2016-09-18 11:08 - 00000000 ____D C:\FRST
        2016-09-18 11:06 - 2016-09-18 11:06 - 02399232 _____ (Farbar) C:\Users\Maria\Downloads\FRST64.exe
        2016-09-18 09:36 - 2016-09-18 10:41 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
        2016-09-18 09:36 - 2016-09-18 09:41 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
        2016-09-18 09:36 - 2016-09-18 09:36 - 00003992 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
        2016-09-18 09:36 - 2016-09-18 09:36 - 00003740 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
        2016-09-18 09:36 - 2016-09-18 09:36 - 00002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2016-09-18 09:36 - 2016-09-18 09:36 - 00002253 _____ C:\Users\Public\Desktop\Google Chrome.lnk
        2016-09-18 09:36 - 2016-09-18 09:36 - 00000000 ____D C:\Program Files (x86)\Google
        2016-09-17 02:15 - 2016-09-17 02:20 - 00001456 _____ C:\Users\Maria\AppData\Local\Adobe Save for Web 13.0 Prefs
        2016-09-17 01:57 - 2016-09-17 01:57 - 00000000 ____D C:\Users\Maria\Documents\Adobe
        2016-09-16 10:11 - 2016-09-16 10:11 - 00017007 _____ C:\Users\Maria\Downloads\Fucking The Feds (22.04.2016) 1080p (Rachel Starr & Charles Dera & Keiran Lee).mp4.torrent
        2016-09-15 23:18 - 2016-09-15 23:18 - 00016731 _____ C:\Users\Maria\Downloads\Dead.Rising.Endgame.2016.WEBRip.x264.AAC-WAR.torrent
        2016-09-15 23:16 - 2016-09-15 23:16 - 00014898 _____ C:\Users\Maria\Downloads\Dead.Rising.Endgame.2016.HDRip.XviD.AC3-EVO.torrent
        2016-09-15 23:16 - 2016-09-15 23:16 - 00014898 _____ C:\Users\Maria\Downloads\Dead.Rising.Endgame.2016.HDRip.XviD.AC3-EVO (1).torrent
        2016-09-14 22:18 - 2016-09-01 22:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
        2016-09-14 22:18 - 2016-09-01 21:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
        2016-09-14 22:18 - 2016-09-01 06:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
        2016-09-14 22:18 - 2016-09-01 06:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
        2016-09-14 22:18 - 2016-09-01 05:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
        2016-09-14 22:18 - 2016-09-01 05:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
        2016-09-14 22:18 - 2016-09-01 05:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
        2016-09-14 22:18 - 2016-09-01 05:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
        2016-09-14 22:18 - 2016-09-01 05:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
        2016-09-14 22:18 - 2016-09-01 05:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
        2016-09-14 22:18 - 2016-09-01 05:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
        2016-09-14 22:18 - 2016-09-01 05:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
        2016-09-14 22:18 - 2016-09-01 05:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
        2016-09-14 22:18 - 2016-09-01 05:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
        2016-09-14 22:18 - 2016-09-01 05:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
        2016-09-14 22:18 - 2016-09-01 05:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
        2016-09-14 22:18 - 2016-09-01 05:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
        2016-09-14 22:18 - 2016-09-01 04:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
        2016-09-14 22:18 - 2016-09-01 04:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
        2016-09-14 22:18 - 2016-09-01 04:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
        2016-09-14 22:18 - 2016-09-01 04:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
        2016-09-14 22:18 - 2016-09-01 04:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
        2016-09-14 22:18 - 2016-09-01 04:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
        2016-09-14 22:18 - 2016-09-01 04:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
        2016-09-14 22:18 - 2016-09-01 04:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
        2016-09-14 22:18 - 2016-09-01 04:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
        2016-09-14 22:18 - 2016-09-01 04:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
        2016-09-14 22:18 - 2016-09-01 04:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
        2016-09-14 22:18 - 2016-09-01 04:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
        2016-09-14 22:18 - 2016-09-01 03:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
        2016-09-14 22:18 - 2016-09-01 03:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
        2016-09-14 22:18 - 2016-09-01 03:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
        2016-09-14 22:18 - 2016-09-01 03:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
        2016-09-14 22:18 - 2016-09-01 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
        2016-09-14 22:18 - 2016-09-01 03:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
        2016-09-14 22:18 - 2016-09-01 03:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
        2016-09-14 22:18 - 2016-09-01 03:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
        2016-09-14 22:18 - 2016-09-01 03:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
        2016-09-14 22:18 - 2016-09-01 03:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
        2016-09-14 22:18 - 2016-09-01 03:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
        2016-09-14 22:18 - 2016-09-01 03:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
        2016-09-14 22:18 - 2016-09-01 03:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
        2016-09-14 22:18 - 2016-09-01 03:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
        2016-09-14 22:18 - 2016-09-01 03:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
        2016-09-14 22:18 - 2016-09-01 03:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
        2016-09-14 22:18 - 2016-09-01 03:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
        2016-09-14 22:18 - 2016-09-01 03:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
        2016-09-14 22:18 - 2016-09-01 03:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
        2016-09-14 22:18 - 2016-09-01 03:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
        2016-09-14 22:18 - 2016-09-01 03:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
        2016-09-14 22:18 - 2016-09-01 02:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
        2016-09-14 22:18 - 2016-09-01 02:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
        2016-09-14 22:18 - 2016-09-01 02:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
        2016-09-14 22:18 - 2016-09-01 02:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
        2016-09-14 22:18 - 2016-09-01 02:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
        2016-09-14 22:18 - 2016-09-01 02:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
        2016-09-14 22:18 - 2016-09-01 02:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
        2016-09-14 22:18 - 2016-09-01 02:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
        2016-09-14 22:18 - 2016-09-01 02:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
        2016-09-14 22:18 - 2016-09-01 02:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
        2016-09-14 22:18 - 2016-09-01 02:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
        2016-09-14 22:18 - 2016-09-01 02:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
        2016-09-14 22:18 - 2016-09-01 02:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
        2016-09-14 22:18 - 2016-09-01 02:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
        2016-09-14 22:18 - 2016-09-01 01:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
        2016-09-14 22:18 - 2016-09-01 01:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
        2016-09-14 22:18 - 2016-08-16 20:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
        2016-09-14 22:18 - 2016-08-16 05:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
        2016-09-14 22:18 - 2016-08-16 05:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
        2016-09-14 22:18 - 2016-08-12 19:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
        2016-09-14 22:18 - 2016-08-12 19:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
        2016-09-14 22:18 - 2016-08-12 19:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
        2016-09-14 22:17 - 2016-09-02 18:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
        2016-09-14 22:17 - 2016-09-02 18:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
        2016-09-14 22:17 - 2016-09-02 18:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
        2016-09-14 22:17 - 2016-09-02 18:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
        2016-09-14 22:17 - 2016-09-02 18:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
        2016-09-14 22:17 - 2016-09-02 18:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
        2016-09-14 22:17 - 2016-09-02 18:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
        2016-09-14 22:17 - 2016-09-02 18:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
        2016-09-14 22:17 - 2016-09-02 18:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
        2016-09-14 22:17 - 2016-09-02 18:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
        2016-09-14 22:17 - 2016-09-02 18:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
        2016-09-14 22:17 - 2016-09-02 18:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
        2016-09-14 22:17 - 2016-09-02 18:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
        2016-09-14 22:17 - 2016-09-02 18:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
        2016-09-14 22:17 - 2016-09-02 18:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
        2016-09-14 22:17 - 2016-09-02 18:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
        2016-09-14 22:17 - 2016-09-02 18:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 18:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
        2016-09-14 22:17 - 2016-09-02 18:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
        2016-09-14 22:17 - 2016-09-02 18:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
        2016-09-14 22:17 - 2016-09-02 17:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
        2016-09-14 22:17 - 2016-09-02 17:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
        2016-09-14 22:17 - 2016-09-02 17:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
        2016-09-14 22:17 - 2016-09-02 17:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
        2016-09-14 22:17 - 2016-09-02 17:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
        2016-09-14 22:17 - 2016-09-02 17:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
        2016-09-14 22:17 - 2016-09-02 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
        2016-09-14 22:17 - 2016-09-02 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
        2016-09-14 22:17 - 2016-09-02 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
        2016-09-14 22:17 - 2016-09-02 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
        2016-09-14 22:17 - 2016-09-02 17:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
        2016-09-14 22:17 - 2016-09-02 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
        2016-09-14 22:17 - 2016-06-06 19:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
        2016-09-14 22:17 - 2016-06-06 19:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
        2016-09-14 22:17 - 2016-06-06 19:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
        2016-09-14 22:17 - 2016-06-06 19:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
        2016-09-14 22:17 - 2016-06-06 18:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
        2016-09-14 22:17 - 2016-06-06 18:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
        2016-09-14 22:17 - 2016-06-06 18:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
        2016-09-14 22:17 - 2016-06-06 18:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
        2016-09-14 22:17 - 2016-05-14 01:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
        2016-09-14 22:17 - 2016-05-14 01:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
        2016-09-14 22:17 - 2016-05-14 01:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
        2016-09-14 22:17 - 2016-05-14 01:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
        2016-09-14 22:17 - 2016-05-14 00:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
        2016-09-14 22:17 - 2016-05-14 00:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
        2016-09-14 22:17 - 2016-05-14 00:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
        2016-09-14 22:17 - 2016-05-14 00:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
        2016-09-14 22:17 - 2016-05-14 00:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
        2016-09-14 22:17 - 2016-05-14 00:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
        2016-09-14 22:17 - 2016-05-14 00:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
        2016-09-14 22:17 - 2016-05-14 00:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
        2016-09-14 22:17 - 2016-05-14 00:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
        2016-09-14 22:17 - 2016-05-14 00:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
        2016-09-14 22:17 - 2016-05-14 00:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
        2016-09-14 22:17 - 2016-05-14 00:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
        2016-09-14 22:17 - 2016-05-12 20:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
        2016-09-14 22:17 - 2016-05-12 18:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
        2016-09-14 22:17 - 2016-05-12 18:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
        2016-09-14 22:17 - 2016-05-04 20:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
        2016-09-14 22:17 - 2016-05-04 20:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
        2016-09-14 22:17 - 2016-05-04 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
        2016-09-14 22:17 - 2016-05-04 20:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
        2016-09-14 22:17 - 2016-05-04 20:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
        2016-09-14 22:17 - 2016-05-04 20:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
        2016-09-14 22:17 - 2016-05-04 20:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
        2016-09-14 22:17 - 2016-05-04 18:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
        2016-09-14 22:17 - 2016-05-04 17:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
        2016-09-14 22:16 - 2016-09-02 18:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
        2016-09-14 22:16 - 2016-09-02 18:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
        2016-09-14 22:16 - 2016-09-02 18:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
        2016-09-14 22:16 - 2016-09-02 18:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
        2016-09-14 22:16 - 2016-09-02 18:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
        2016-09-14 22:16 - 2016-09-02 18:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
        2016-09-14 22:16 - 2016-09-02 18:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
        2016-09-14 22:16 - 2016-09-02 18:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
        2016-09-14 22:16 - 2016-09-02 18:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
        2016-09-14 22:16 - 2016-09-02 18:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
        2016-09-14 22:16 - 2016-09-02 18:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
        2016-09-14 22:16 - 2016-09-02 18:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
        2016-09-14 22:16 - 2016-09-02 18:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
        2016-09-14 22:16 - 2016-09-02 18:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
        2016-09-14 22:16 - 2016-09-02 18:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
        2016-09-14 22:16 - 2016-09-02 18:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
        2016-09-14 22:16 - 2016-09-02 18:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
        2016-09-14 22:16 - 2016-09-02 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
        2016-09-14 22:16 - 2016-09-02 17:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
        2016-09-14 22:16 - 2016-09-02 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
        2016-09-14 22:16 - 2016-08-06 18:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
        2016-09-14 22:16 - 2016-08-06 18:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
        2016-09-14 22:16 - 2016-07-07 18:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
        2016-09-14 22:16 - 2016-07-07 18:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
        2016-09-14 22:16 - 2016-07-07 18:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
        2016-09-14 22:16 - 2016-07-07 18:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
        2016-09-14 22:16 - 2016-07-01 18:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
        2016-09-14 22:16 - 2016-07-01 18:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
        2016-09-14 22:16 - 2016-07-01 18:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
        2016-09-14 22:16 - 2016-07-01 18:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
        2016-09-14 22:16 - 2016-05-04 20:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
        2016-09-14 22:16 - 2016-05-04 20:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
        2016-09-14 22:16 - 2016-05-04 20:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
        2016-09-14 22:00 - 2016-09-14 22:00 - 00010936 _____ C:\Users\Maria\Downloads\Dead.Rising.Watchtowe.2015.576p.BRRip.x264.DUAL-SiSO.torrent
        2016-09-14 08:45 - 2016-09-14 08:45 - 00019535 _____ C:\Users\Maria\Downloads\[CFNMSecret] Dylan Daniels, Gabriella Ford, Liza Rowe, Jojo Kiss [Game of Cocks].torrent
        2016-09-13 21:10 - 2016-09-13 21:10 - 00655568 _____ C:\Users\Maria\Downloads\Warcraft.2016.1080p.BluRay.x264-SPARKS.torrent
        2016-09-12 09:41 - 2016-09-12 09:41 - 00015782 _____ C:\Users\Maria\Downloads\Marc Dorcel -  Novice Lawyer.torrent
        2016-09-12 09:40 - 2016-09-12 09:40 - 00011719 _____ C:\Users\Maria\Downloads\RealityJunkies - Trisha Parks - DP Touchdown.torrent
        2016-09-11 17:37 - 2016-09-12 16:49 - 00002499 _____ C:\Users\Maria\Desktop\vip extri d2.txt
        2016-09-11 13:22 - 2016-09-11 13:22 - 00016663 _____ C:\Users\Maria\Downloads\BrazzersExxtra - Elsa Jean, Riley Reid (Licking Locked Up).torrent
        2016-09-11 13:22 - 2016-09-11 13:22 - 00011603 _____ C:\Users\Maria\Downloads\BangBrosClips - Jillian Janson.torrent
        2016-09-10 21:42 - 2016-09-10 21:42 - 00011840 _____ C:\Users\Maria\Downloads\The.Haunting.In.Connecticut.2009.EXTENDED.720p.BRRip.XviD.AC3-ViSiON.torrent
        2016-09-10 21:38 - 2016-09-10 21:38 - 00034362 _____ C:\Users\Maria\Downloads\The.Pyramid.2014.1080p.BluRay.x264-GECKOS (1).torrent
        2016-09-10 21:37 - 2016-09-10 21:37 - 00034362 _____ C:\Users\Maria\Downloads\The.Pyramid.2014.1080p.BluRay.x264-GECKOS.torrent
        2016-09-09 11:23 - 2007-01-18 17:35 - 00000000 ____D C:\Program Files\cs1.6
        2016-09-08 22:20 - 2016-09-08 22:20 - 00014819 _____ C:\Users\Maria\Downloads\Poltergeist.SCR.x265-WARHD.torrent
        2016-09-08 21:42 - 2016-09-08 21:42 - 00013710 _____ C:\Users\Maria\Downloads\Poltergeist.2015.EXTENDED.720p.x265-WAR.torrent
        2016-09-08 21:41 - 2016-09-08 21:41 - 00014468 _____ C:\Users\Maria\Downloads\Poltergeist.2015.EXTENDED.BRRip.XViD.AC3-ETRG.torrent
        2016-09-08 21:40 - 2016-09-08 21:40 - 00013263 _____ C:\Users\Maria\Downloads\Poltergeist.2015.Extended.BDRip.XviD-WAR.torrent
        2016-09-06 21:21 - 2016-09-06 21:21 - 00021908 _____ C:\Users\Maria\Downloads\The.Darkness.2016.720p.BluRay.x264.DTS-WAR.torrent
        2016-09-06 20:06 - 2016-09-06 20:18 - 00000000 ____D C:\Users\Maria\Desktop\CHISTA Platforma ReHLDS
        2016-09-06 10:24 - 2016-09-06 10:24 - 00010478 _____ C:\Users\Maria\Downloads\Boxtrucksex - Lien Parker .torrent
        2016-09-06 10:22 - 2016-09-06 10:22 - 00011341 _____ C:\Users\Maria\Downloads\Boxtrucksex - Candee Licious.torrent
        2016-09-05 11:10 - 2016-09-05 11:10 - 00013071 _____ C:\Users\Maria\Downloads\All Asian.torrent
        2016-09-05 11:09 - 2016-09-05 11:09 - 00162552 _____ C:\Users\Maria\Downloads\Russian Institute 22 - Medical Exam.torrent
        2016-09-05 11:08 - 2016-09-05 11:08 - 00011209 _____ C:\Users\Maria\Downloads\xart.16.09.03.jillian.janson.and.blake.eden.the.pussy.cat.burglar.torrent
        2016-09-03 11:12 - 2016-09-03 11:12 - 00011752 _____ C:\Users\Maria\Downloads\ExxxtraSmall - Gabriella Ford - Gabriella Gets What She Wants.torrent
        2016-09-03 11:11 - 2016-09-03 11:11 - 00045660 _____ C:\Users\Maria\Downloads\DARE DORM - Raver Party - College Teen Sex Orgy.torrent
        2016-09-01 09:41 - 2016-09-01 09:41 - 00015477 _____ C:\Users\Maria\Downloads\[DoctorAdventures] Kelsi Monroe NEW 2016 XXX.torrent
        2016-09-01 09:41 - 2016-09-01 09:41 - 00010552 _____ C:\Users\Maria\Downloads\RKPrime.Nekane.Penis.Games.XXX.28.08.2016.MP4-xET.torrent
        2016-08-30 12:28 - 2016-08-30 12:28 - 00000290 _____ C:\Users\Maria\cancel_body.html
        2016-08-30 02:13 - 2016-08-30 02:13 - 00005520 _____ C:\Users\Maria\common.php
        2016-08-27 17:22 - 2016-09-10 22:34 - 00000000 ____D C:\Users\Maria\Desktop\stoicho  music NEW
        2016-08-27 03:11 - 2016-08-27 03:11 - 00000000 ___RD C:\Users\Maria\OneDrive
        2016-08-27 03:11 - 2016-08-27 03:11 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
        2016-08-27 03:09 - 2016-08-27 03:09 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
        2016-08-26 14:31 - 2016-08-26 14:32 - 06662856 _____ (Tim Kosse) C:\Users\Maria\Downloads\FileZilla_3.21.0_win64-setup.exe
        2016-08-24 02:09 - 2016-08-24 02:09 - 00000565 _____ C:\Users\Maria\admin_notify_duplicates.txt
        2016-08-23 16:07 - 2016-08-23 16:08 - 00000000 ____D C:\Users\Maria\AppData\Local\Viber
        2016-08-18 01:33 - 2016-09-10 00:59 - 00000865 _____ C:\Users\Maria\Desktop\cs1.6.lnk
        2016-08-18 01:29 - 2007-01-18 17:35 - 00000000 ____D C:\Program Files (x86)\cs1.6
        2016-08-17 22:34 - 2016-08-18 01:07 - 00000000 ____D C:\Program Files (x86)\VideoLAN
        2016-08-17 14:48 - 2016-08-17 14:48 - 00000908 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
        2016-08-17 14:45 - 2016-08-17 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
        2016-08-17 14:45 - 2016-08-17 14:48 - 00000000 ____D C:\Program Files\TAP-Windows
        2016-08-17 14:45 - 2016-08-17 14:48 - 00000000 ____D C:\Program Files\OpenVPN
        2016-08-17 14:45 - 2016-08-17 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
        2016-08-17 11:50 - 2016-07-08 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
        2016-08-17 11:50 - 2016-07-08 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
        2016-08-13 18:57 - 2016-08-13 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
        2016-08-05 10:36 - 2016-08-05 10:36 - 06647784 _____ (Tim Kosse) C:\Users\Maria\Downloads\FileZilla_3.20.1_win64-setup.exe
        2016-07-24 15:53 - 2016-09-17 22:47 - 00000000 ____D C:\Users\Maria\Documents\Outlook Files
        2016-07-20 00:23 - 2016-07-20 00:23 - 00000000 ____D C:\Windows\EOONotify
        2016-07-16 19:54 - 2016-08-10 14:22 - 00001858 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
        2016-07-14 18:05 - 2016-07-14 18:05 - 08156072 _____ (TeamViewer GmbH) C:\Users\Maria\Desktop\TeamViewer_Setup.exe
        2016-07-14 11:17 - 2016-06-26 03:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
        2016-07-14 11:17 - 2016-06-26 03:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
        2016-07-14 11:17 - 2016-06-26 03:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
        2016-07-14 11:17 - 2016-06-26 03:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
        2016-07-14 11:17 - 2016-06-26 03:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
        2016-07-14 11:17 - 2016-06-26 03:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
        2016-07-14 11:17 - 2016-06-26 03:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
        2016-07-14 11:17 - 2016-06-25 22:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
        2016-07-14 11:17 - 2016-06-25 22:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
        2016-07-14 11:17 - 2016-06-25 22:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
        2016-07-14 11:17 - 2016-06-25 22:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
        2016-07-14 11:17 - 2016-06-25 22:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
        2016-07-14 11:17 - 2016-06-22 16:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
        2016-07-14 11:17 - 2016-06-17 21:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
        2016-07-14 11:17 - 2016-06-17 21:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
        2016-07-14 11:17 - 2016-06-17 21:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
        2016-07-14 11:17 - 2016-06-17 21:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
        2016-07-14 11:17 - 2016-06-17 21:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
        2016-07-14 11:17 - 2016-06-17 21:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
        2016-07-04 23:17 - 2016-07-04 23:18 - 06569088 _____ (Tim Kosse) C:\Users\Maria\Downloads\FileZilla_3.19.0_win64-setup.exe
        2016-06-24 22:26 - 2016-06-24 22:26 - 17061922 _____ C:\Users\Maria\Downloads\fizioterapiq2015.2016.pdf
        2016-06-24 22:26 - 2016-06-24 22:26 - 05478111 _____ C:\Users\Maria\Downloads\oshte.fizioterapiq 2015.2016.pdf
        2016-06-24 17:45 - 2016-06-24 17:45 - 04977231 _____ C:\Users\Maria\Downloads\protokol IOS 2016.pdf
        ==================== Three Months Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2016-09-18 10:49 - 2013-12-08 20:23 - 00000000 ____D C:\Users\Maria\AppData\Roaming\Skype
        2016-09-18 10:42 - 2014-02-23 18:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
        2016-09-18 09:37 - 2009-07-14 07:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2016-09-18 09:37 - 2009-07-14 07:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2016-09-18 09:33 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
        2016-09-18 09:23 - 2015-08-24 01:28 - 00000000 ____D C:\Users\Maria\AppData\Roaming\ViberPC
        2016-09-18 09:21 - 2013-12-08 00:06 - 00000000 ____D C:\ProgramData\NVIDIA
        2016-09-18 09:21 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
        2016-09-18 01:07 - 2013-12-08 22:22 - 00000000 ____D C:\Users\Maria\AppData\Local\Mirillis
        2016-09-17 23:46 - 2013-12-08 20:33 - 00000000 ____D C:\Users\Maria\AppData\Local\Google
        2016-09-17 22:42 - 2014-12-28 22:29 - 00000000 ____D C:\Program Files (x86)\Steam
        2016-09-17 22:33 - 2014-05-15 19:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
        2016-09-17 19:20 - 2015-08-24 01:29 - 00000000 ____D C:\Users\Maria\Documents\ViberDownloads
        2016-09-17 13:27 - 2016-02-23 00:34 - 00000000 ____D C:\Users\Maria\AppData\Local\CrashDumps
        2016-09-17 13:27 - 2016-02-13 11:09 - 00000000 ____D C:\Users\Maria\AppData\Roaming\FileZilla
        2016-09-17 13:27 - 2013-12-08 22:24 - 00000000 ____D C:\Users\Maria\AppData\Roaming\uTorrent
        2016-09-17 13:27 - 2013-12-08 20:28 - 00000000 ____D C:\Users\Maria\AppData\Roaming\AIMP3
        2016-09-17 02:16 - 2015-02-10 19:50 - 00000132 _____ C:\Users\Maria\AppData\Roaming\Adobe GIF Format CS6 Prefs
        2016-09-17 01:57 - 2013-12-08 06:58 - 00000000 ____D C:\Users\Maria\AppData\Roaming\Adobe
        2016-09-17 01:26 - 2014-02-24 17:56 - 00000132 _____ C:\Users\Maria\AppData\Roaming\Adobe PNG Format CS6 Prefs
        2016-09-15 23:28 - 2016-02-13 16:56 - 00000000 ____D C:\Users\Maria\Desktop\stoicho
        2016-09-15 10:36 - 2009-07-14 08:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
        2016-09-15 10:29 - 2009-07-14 07:45 - 00422584 _____ C:\Windows\system32\FNTCACHE.DAT
        2016-09-15 02:40 - 2014-01-19 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
        2016-09-15 02:39 - 2014-01-19 15:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
        2016-09-15 02:39 - 2014-01-19 15:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
        2016-09-15 02:37 - 2013-12-08 00:33 - 00000000 ____D C:\Windows\system32\MRT
        2016-09-15 02:29 - 2013-12-08 00:33 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
        2016-09-13 21:42 - 2014-02-23 18:42 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
        2016-09-13 21:42 - 2014-02-23 18:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
        2016-09-13 21:42 - 2014-02-23 18:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
        2016-09-13 21:42 - 2014-02-23 18:42 - 00000000 ____D C:\Windows\system32\Macromed
        2016-09-13 21:42 - 2014-02-18 20:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
        2016-09-13 21:27 - 2016-06-04 16:02 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
        2016-09-07 00:12 - 2014-12-02 22:27 - 00000000 ___RD C:\Program Files (x86)\Skype
        2016-09-07 00:12 - 2013-12-08 20:23 - 00000000 ____D C:\ProgramData\Skype
        2016-08-31 20:09 - 2016-03-06 22:21 - 00000000 ____D C:\ProgramData\YTD Video Downloader
        2016-08-30 21:20 - 2015-01-20 00:33 - 00000000 ____D C:\Users\Maria\Documents\Youcam
        2016-08-30 12:28 - 2013-12-07 21:19 - 00000000 ____D C:\Users\Maria
        ==================== Files in the root of some directories =======
        2015-01-14 22:16 - 2015-01-14 22:16 - 0000132 _____ () C:\Users\Maria\AppData\Roaming\Adobe BMP Format CS6 Prefs
        2015-02-10 19:50 - 2016-09-17 02:16 - 0000132 _____ () C:\Users\Maria\AppData\Roaming\Adobe GIF Format CS6 Prefs
        2014-02-24 17:56 - 2016-09-17 01:26 - 0000132 _____ () C:\Users\Maria\AppData\Roaming\Adobe PNG Format CS6 Prefs
        2016-09-17 02:15 - 2016-09-17 02:20 - 0001456 _____ () C:\Users\Maria\AppData\Local\Adobe Save for Web 13.0 Prefs
        2014-05-28 19:30 - 2014-05-28 19:30 - 0004608 _____ () C:\Users\Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2013-12-08 15:02 - 2013-12-08 15:02 - 0001716 _____ () C:\Users\Maria\AppData\Local\FastClean.20131208.140235.txt
        2013-12-08 15:43 - 2013-12-08 15:43 - 0000017 _____ () C:\Users\Maria\AppData\Local\resmon.resmoncfg
        2013-12-08 16:07 - 2013-12-08 16:07 - 0017408 _____ () C:\Users\Maria\AppData\Local\WebpageIcons.db
        2013-12-07 22:09 - 2013-12-07 22:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
        ==================== Bamital & volsnap =================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        ==================== BCD ================================
        Windows Boot Manager
        --------------------
        identifier              {bootmgr}
        device                  partition=\Device\HarddiskVolume1
        description             Windows Boot Manager
        locale                  en-US
        inherit                 {globalsettings}
        default                 {current}
        resumeobject            {1763d638-00d8-11e1-be2d-f67a1c702b8f}
        displayorder            {current}
        toolsdisplayorder       {memdiag}
        timeout                 30
        Windows Boot Loader
        -------------------
        identifier              {1763d636-00d8-11e1-be2d-f67a1c702b8f}
        device                  ramdisk=[C:]\Recovery\1763d636-00d8-11e1-be2d-f67a1c702b8f\Winre.wim,{1763d637-00d8-11e1-be2d-f67a1c702b8f}
        path                    \windows\system32\winload.exe
        description             Windows Recovery Environment
        inherit                 {bootloadersettings}
        osdevice                ramdisk=[C:]\Recovery\1763d636-00d8-11e1-be2d-f67a1c702b8f\Winre.wim,{1763d637-00d8-11e1-be2d-f67a1c702b8f}
        systemroot              \windows
        nx                      OptIn
        winpe                   Yes
        Windows Boot Loader
        -------------------
        identifier              {current}
        device                  partition=C:
        path                    \Windows\system32\winload.exe
        description             Windows 7
        locale                  en-US
        inherit                 {bootloadersettings}
        recoverysequence        {1763d63a-00d8-11e1-be2d-f67a1c702b8f}
        recoveryenabled         Yes
        osdevice                partition=C:
        systemroot              \Windows
        resumeobject            {1763d638-00d8-11e1-be2d-f67a1c702b8f}
        nx                      OptIn
        Windows Boot Loader
        -------------------
        identifier              {1763d63a-00d8-11e1-be2d-f67a1c702b8f}
        device                  ramdisk=[C:]\Recovery\1763d63a-00d8-11e1-be2d-f67a1c702b8f\Winre.wim,{1763d63b-00d8-11e1-be2d-f67a1c702b8f}
        path                    \windows\system32\winload.exe
        description             Windows Recovery Environment
        inherit                 {bootloadersettings}
        osdevice                ramdisk=[C:]\Recovery\1763d63a-00d8-11e1-be2d-f67a1c702b8f\Winre.wim,{1763d63b-00d8-11e1-be2d-f67a1c702b8f}
        systemroot              \windows
        nx                      OptIn
        winpe                   Yes
        Resume from Hibernate
        ---------------------
        identifier              {1763d638-00d8-11e1-be2d-f67a1c702b8f}
        device                  partition=C:
        path                    \Windows\system32\winresume.exe
        description             Windows Resume Application
        locale                  en-US
        inherit                 {resumeloadersettings}
        filedevice              partition=C:
        filepath                \hiberfil.sys
        debugoptionenabled      No
        Windows Memory Tester
        ---------------------
        identifier              {memdiag}
        device                  partition=\Device\HarddiskVolume1
        path                    \boot\memtest.exe
        description             Windows Memory Diagnostic
        locale                  en-US
        inherit                 {globalsettings}
        badmemoryaccess         Yes
        EMS Settings
        ------------
        identifier              {emssettings}
        bootems                 Yes
        Debugger Settings
        -----------------
        identifier              {dbgsettings}
        debugtype               Serial
        debugport               1
        baudrate                115200
        RAM Defects
        -----------
        identifier              {badmemory}
        Global Settings
        ---------------
        identifier              {globalsettings}
        inherit                 {dbgsettings}
                                {emssettings}
                                {badmemory}
        Boot Loader Settings
        --------------------
        identifier              {bootloadersettings}
        inherit                 {globalsettings}
                                {hypervisorsettings}
        Hypervisor Settings
        -------------------
        identifier              {hypervisorsettings}
        hypervisordebugtype     Serial
        hypervisordebugport     1
        hypervisorbaudrate      115200
        Resume Loader Settings
        ----------------------
        identifier              {resumeloadersettings}
        inherit                 {globalsettings}
        Device options
        --------------
        identifier              {1763d637-00d8-11e1-be2d-f67a1c702b8f}
        description             Ramdisk Options
        ramdisksdidevice        partition=C:
        ramdisksdipath          \Recovery\1763d636-00d8-11e1-be2d-f67a1c702b8f\boot.sdi
        Device options
        --------------
        identifier              {1763d63b-00d8-11e1-be2d-f67a1c702b8f}
        description             Ramdisk Options
        ramdisksdidevice        partition=C:
        ramdisksdipath          \Recovery\1763d63a-00d8-11e1-be2d-f67a1c702b8f\boot.sdi
        LastRegBack: 2016-09-15 13:40
        ==================== End of FRST.txt ============================
        Addition.txt